Job Description
OVERVIEW:
We are seeking a SOC Analyst (Tier 3) who has experience providing support in a dynamic, fast-paced environment. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the federal cybersecurity market.
The SOC Analyst (Tier 3) will have the opportunity to be exposed to all aspects of support to a federal client and will be encouraged to grow as the organization expands.
GENERAL DUTIES:
- Provide first line SOC support with timely triage, routing and analysis of SOC tasks
- Research, develop, and monitor custom visualizations
- Research, analyze, and write documents such as cybersecurity briefings for all levels of stakeholders, from Tier 1-3 SOC and security engineering to executives
- Tune and develop SIEM correlation logic for threat detection
- Ensure documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style
- Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
- Produce and review aggregated performance metrics
- Perform Cyber Threat Assessment and Remediation Analysis
- Processing, organizing, and analyzing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data
- Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threats, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise
- Investigate network and host detection and monitoring systems to advise engagement processes
- Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions
- Participate in on-call rotation for after-hours security and / or engineering issues
- Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
- Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection
- Collaborate with incident response team to rapidly build detection rules as needed
- Responsible for supporting 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis / triage / response), review of and action on Threat Intel for IOCs and other operationally impactful information, and initial review and triage of reported incidents
- Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods
- Monitoring / triage security events received through alerts from SIEM or other security tools; escalate and support to IR as appropriate
- IDS monitoring and analysis, network traffic analysis, log analysis, and prioritizing and differentiating between potential intrusion attempts and false alarms
- Review and report on anomalous patterns (hunting) across all security tools / SIEM
- Develop an in-depth understanding of customer and SOC operations requirements and policies
- Ensure reports are properly entered into the tracking system
- Perform customer security assessments
- Supporting incident response or remediation as needed
- Participate in, develop, and run tabletop exercises
- Perform lessons learned activities
- Supporting ad-hoc data and investigation requests
- Composing reports, updates, security alert notifications or other artifacts and documents as needed
Required Skills
REQUIRED QUALIFICATIONS:
- Deep understanding of Cyber Threat TTPs, Threat Hunt, and the application of the Attack Framework
- Experience supporting 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis / triage / response), review of and action on Threat Intel for IOCs and other operationally impactful information, and initial review and triage of reported alerts and incidents
- Support alert and notification triage, review / analysis through resolution / close
- Manage multiple tickets / alerts in parallel, including end-user coordination
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
- Solid understanding and experience analyzing security events generated from security tools and devices including but not limited to FireEye, Elastic, SourceFire, Malwarebytes, CarbonBlack / Bit9, Splunk, Prisma Cloud / Compute, Cisco IronPort, BlueCoat
- Experience and solid understanding of Malware analysis
- Demonstrated proficiencies with one or more toolsets such as Bit9 / CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
- Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
- In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, threat intel sources
- Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, and supporting SOAR development
- Experience with bash, Python, and Windows PowerShell scripting
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM / security tools alert analysis
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
- Demonstrated experience with the underlying logs generated by operating systems (Linux / Windows), Network Security Devices, and other enterprise tools
- Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
- Solid understanding and experience analyzing security events generated from security tools and devices including but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
- Understanding of security incident response processes
- Bachelor's Degree in Cybersecurity or a similar field
- Minimum of Ten (10) years technical experience
- 7+ years of SOC experience
- 3+ years of rule development and tuning experience
- 1+ years of incident response experience
CLEARANCE:
US Citizenship required
About Procession Systems