Job Details

SOC Tier 3 Engineer

Apex Systems, Inc.

Purcellville, VA 20132

Position: SOC Tier 3 Analyst
Program: Brand new contract, on year 1 of 5. As a SOC Tier 3 Analyst, you will be analyzing and monitoring network traffic and providing advanced IT security incident response for a global implementation of Microsoft UC (Skype for Business) for a DoD customer.

Work Authorization: Candidates must be US citizens who are able to obtain and maintain a DoD Secret clearance as a condition of employment.

In this role, you will be responsible for the following:
- Validating and analyzing investigations escalated from the Tier 2 Security Operations Center (SOC) analysts
- Analyzing medium- to high-complexity technical and system problems related to security events
- Documenting each investigation; determining the validity and priority of the activity and escalating to the Cyber Defense Team as needed
- Communicating directly with application owners and business owners during high-severity incidents
- Proactively hunting for suspicious or anomalous activity based on alerts or data outputs from various toolsets and the SIEM platform
- Managing threat feeds and ensuring they are received, aggregated, reviewed, ticketed and acted upon accordingly
- Feeding data back to threat feed sources, where appropriate, on new threats found during internal investigations
- Managing the whitelist and blacklist in the SIEM and disseminating them to the appropriate operators for policy or setting updates in security tools
- Staying up to date with current vulnerabilities, attacks, and countermeasures
- Working shifts on a 24x7x365 schedule, including on-call
- Developing solutions and providing recommendations to enhance overall security posture, reduce false positives, and optimize Time to Detection and Time to Remediation metrics

Knowledge / Skills / Experience / Certifications:
- 5-7 years of related experience in a Security Operations Center capacity
- Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), Cyber Defense Team (CDT) or Security Operations Center (SOC)
- Familiarity with various network- and host-based security applications and tools, such as network and host assessment/scanning tools, network- and host-based intrusion detection systems, and other security software packages
- General knowledge of the practices and procedures of operating systems, operating system utilities and subsystems, and/or network technologies
- Knowledge of network security zones, firewalls and IDS
- Knowledge of log formats for syslog, HTTP logs and DB logs, and how to trace an event back to its source; knowledge of packet capture and analysis; experience with log management or security information management tools; experience with security assessment tools; ability to make information security risk determinations
- Certified and/or trained in one or more of the security tracks from vendors such as Cisco, Splunk or Microsoft
- Knowledge of regex and experience with one or more scripting languages such as Python, Perl or Ruby
- Familiarity with, and the ability to follow, ITSM, ITIL and information security best practices
- Candidates must be able to work on-site
- Authorized to work in the US without sponsorship now or in the future
- Ability to communicate security events, potential impacts, and actions taken to higher-tier resolvers and the management team
- Meets IAT Level II certification requirements
- Security+ certification is required
Minimum Clearance:
Secret (Interim Secret acceptable)
Minimum Experience Required:
5+ years of experience
Job Category:
IT - Security
$125,000 - $150,000 annual salary