SOC Security Analyst (Level 2)
The preference is hybrid out of College Park, Maryland, but remote US-based candidates will be considered. Either way, the schedule will be a Panama schedule: a slow-rotating shift pattern that uses four teams and two 12-hour shifts to provide 24/7 coverage.
The working and non-working days follow this pattern: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off.
Summary
BlueVoyant is looking for Security Operations Center (SOC) Analysts (Level 2) to help our global customers manage their IT security.
You will be part of a fast-paced team that helps customers to reduce the impact of security incidents and ensures that critical business operations continue unhindered.
Key Responsibilities
- Monitor and analyze security events and alerts from multiple sources, including security information and event management (SIEM) software, network- and host-based intrusion detection systems, firewall logs, system logs (Windows and Unix), and databases
- Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks
- Initiate tickets, document, and escalate to higher-level security analysts
- Serve as the technical escalation point and mentor for lower-level analysts
- Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
- Perform triage of incoming issues (assess the priority, determine risk)
- Work with customers to deploy hardware and software monitoring systems
- Maintain a strong awareness of the current threat landscape
Basic Qualifications
- Excellent teamwork skills
- Knowledge of and experience with intrusion detection/prevention systems and SIEM software
- Strong knowledge and understanding of network protocols and devices
- Strong experience with macOS, Windows, and Unix systems
- Ability to analyze event logs and recognize signs of cyber intrusions/attacks
- Ability to handle high-pressure situations in a productive and professional manner
- Ability to work directly with customers to understand requirements for and feedback on security services
- Strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
- Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
- Able and willing to work in a 24/7 environment, including nights and weekends, on a rotating shift schedule
- Ability to provide tuning recommendations for security tools to tool administrators
- Familiarity with tools such as Wireshark, tcpdump, Security Onion, and Splunk
Strong knowledge of the following:
- SIEM
- Packet Analysis
- SSL Decryption
- Malware Detection
- HIDS/NIDS
- Network Monitoring Tools
- Case Management System
- Knowledge Base
- Web Security Gateway
- Email Security
- Data Loss Prevention
- Anti-Virus
Preferred Qualifications
- Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
- 2-4 years of hands-on SOC/TOC/NOC experience
- GCIA required. GCIH, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
- Familiarity with tools such as IDA Pro, PEiD, PEview, Procmon, Snort, Bro, Kali Linux, Metasploit, NMAP, and Nessus
- Familiarity with GPO, LANDesk, or other IT infrastructure tools
- Understanding of programming/scripting languages and ability to run basic database queries
Education
- Minimum bachelor's degree in Information Security, Computer Science, or other IT-related field. Exceptional candidates with proven experience in security/network operations will also be considered.