Please send resume in Word format to BKAPPER@SATTEL2.COM should you be interested in the following Sr SOC Analyst position in Germantown, MD. The salary range is 130-155K. You will be leading the SOC and will have approximately 5-10 SOC Analysts working with you. Currently, the SOC is an 8x5 operation; however, as the SOC grows, it will turn into a 24x7x365 operation.
CANDIDATES WITH TOP SECRET CLEARANCE ARE HIGHLY PREFERRED! MINIMUM OF A SECRET CLEARANCE. All candidates must be receptive to a drug test and background investigation.
Sr. SOC Cyber Security Analyst
Role and Responsibilities
Candidate is responsible for the continuous operation in a Security Operations Center. The workload of the candidate will include managing the organization's security scanning tools, assessing and analyzing the data collected from those tools, as well as tracking and reporting on suspicious activity.
• Under broad direction, the qualified candidate will be required to work 1st and support other shifts as needed.
• Scanning of IT assets using commercial vulnerability assessment tools, active threat analysis and threat hunting, ongoing collaboration and communication with other SOC members
• Manage the enterprise security event monitoring program, to include, but not limited to management of SIEM solutions.
• Provide real-time decision support to management on ongoing information security incidents as they occur
• Act as an internal consultant to IT and IT security infrastructure teams in designing and implementing security solutions to mitigate, protect against, recover from, and respond to incidents.
• Perform ongoing cyber security risk analysis on vulnerabilities discovered and unknown threats on the attack surface.
• Perform vulnerability and penetration tests.
• Operate Network Intrusion Detection and Forensics; conduct performance analysis of Information Systems security incidents.
• In response to customer requirements or inquiries, provides initial incident information to the Incident Response (IR) Specialty.
• Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
• Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.
• Experience with writing or modifying existing code for computer applications and software in languages such as Perl, PHP, Python, etc.
• Responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats.
• Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of information system lifecycle, preservation of property, and information security for CIA of information and information systems.
• Investigates and analyzes all relevant response activities.
• Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations and enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.
• Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
• Analyzes collected information to identify vulnerabilities and potential for exploitation.
Strong working knowledge of and experience with:
• Incident Handling Phase - Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
• Incident Handling Phase - Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
• Incident Handling Phase - Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
• Incident Handling Phase - Respond: Develop and implement the appropriate activities to act regarding a detected cybersecurity event.
• Incident Handling Phase - Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore
• Application security
• Hardware Security
• Network Security, IDS, IDPS
• Wireless Security
• Layer 1 to Layer 7 troubleshooting
• In depth understanding of the OSI model
• Continuous monitoring tools
• Vulnerability Management Tools
• Malware analysis and hunt tools
• Forensic tools and triage for L1-L7
• Strong communications skills with ability to solve and communicate complex technical problems to management in a timely manner under pressure
• Ability to make decisions independently without supervision
• Leverage common scripting languages, like Perl, to parse logs, automate processes, and integrate systems
• Experience performing "deep dive" analysis and correlation of log data from multiple sources to support incident response efforts
• Bachelor’s degree in Engineering, Computer Science, or a mathematics-intensive discipline that provides substantial knowledge and skill in engineering large, complex projects with a minimum of 5 to 10 years of intensive, progressive and relevant experience.
• Must be able to obtain/maintain Top Secret or DOE “Q” security clearance
• GCIH, CEH or CISSP certifications are preferred
• Strong oral and written communication skills
• Experience working with Incident Response involving threat actors and working ongoing pervasive intrusion sets.
• Strong understanding of TCP/IP networking including knowledge of protocols and services
• Capable of interpreting packet captures.
• 5-10 years of Enterprise Security Operation Center experience
• 3-5 years of experience monitoring enterprise network traffic and using various monitoring tools