Cybersecurity Analyst Tier 3

Procession Systems
Remote, VA, US
Remote
Full-time

Job Description

OVERVIEW:

We are seeking a SOC Analyst (Tier 3) who has experience providing support in a dynamic, fast-paced environment. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the federal cybersecurity market.

The SOC Analyst (Tier 3) will have the opportunity to be exposed to all aspects of support to a federal client and will be encouraged to grow as the organization expands.

GENERAL DUTIES:

  • Provide first-line SOC support with timely triage, routing, and analysis of SOC tasks
  • Research, develop, and monitor custom visualizations
  • Research, analyze, and write documents such as cybersecurity briefings for stakeholders at all levels, from Tier 1-3 SOC analysts and security engineering to executives
  • Tune and develop SIEM correlation logic for threat detection
  • Ensure documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style
  • Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
  • Produce and review aggregated performance metrics
  • Perform Cyber Threat Assessment and Remediation Analysis
  • Process, organize, and analyze incident indicators retrieved from the client environment and correlate those indicators with intelligence data
  • Assist in coordination with internal teams and in the creation of engagement deliverables for a multitude of activities, including but not limited to insider threats, Rules of Engagement (ROE), threat hunting, After Action Reports, and other artifacts that support testing, monitoring, and protecting the enterprise
  • Investigate network and host detection and monitoring systems to advise engagement processes
  • Develop and execute Bash and Python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions
  • Participate in on-call rotation for after-hours security and / or engineering issues
  • Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
  • Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
  • Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection
  • Collaborate with incident response team to rapidly build detection rules as needed
  • Support 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage, response); review of and action on threat intelligence for IOCs and other operationally impactful information; and initial review and triage of reported incidents
  • Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods
  • Monitor and triage security events received through alerts from the SIEM or other security tools; escalate to and support IR as appropriate
  • Perform IDS monitoring and analysis, analyze network traffic and logs, and prioritize and differentiate between potential intrusion attempts and false alarms
  • Review and report on anomalous patterns (hunting) across all security tools and the SIEM
  • Develop an in-depth understanding of customer and SOC operations requirements and policies
  • Ensure reports are properly entered into the tracking system
  • Perform customer security assessments
  • Support incident response or remediation as needed
  • Participate in, develop, and run tabletop exercises
  • Perform lessons-learned activities
  • Support ad-hoc data and investigation requests
  • Compose reports, updates, security alert notifications, or other artifacts and documents as needed

Required Skills

REQUIRED QUALIFICATIONS:

  • Deep understanding of cyber threat TTPs, threat hunting, and the application of the ATT&CK framework
  • Experience supporting 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage, response); review of and action on threat intelligence for IOCs and other operationally impactful information; and initial review and triage of reported alerts and incidents
  • Support alert and notification triage, review / analysis through resolution / close
  • Manage multiple tickets / alerts in parallel, including end-user coordination
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Solid understanding of and experience analyzing security events generated by security tools and devices including but not limited to FireEye, Elastic, SourceFire, Malwarebytes, Carbon Black / Bit9, Splunk, Prisma Cloud / Compute, Cisco IronPort, and Blue Coat
  • Experience and solid understanding of Malware analysis
  • Demonstrated proficiencies with one or more toolsets such as Bit9 / CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
  • Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triaging security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, and threat intel sources
  • Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, and supporting SOAR development
  • Experience with Bash, Python, and Windows PowerShell scripting
  • Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, and SIEM / security tool alert analysis
  • Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
  • Demonstrated experience with the underlying logs generated by operating systems (Linux / Windows), Network Security Devices, and other enterprise tools
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
  • Solid understanding of and experience analyzing security events generated by security tools and devices including but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
  • Understanding of security incident response processes
  • Bachelor’s degree in Cybersecurity or a similar field
  • Minimum of ten (10) years of technical experience
  • 7+ years of SOC experience
  • 3+ years of rule development and tuning experience
  • 1+ years of incident response experience

CLEARANCE:

US Citizenship required

30+ days ago