SOC Analyst

4 weeks ago


Crownsville, United States Quantum Vision Full time
Job Description

Job Title: SOC Analyst

Location: Crownsville, MD (100% onsite)

Job Type: Long term contract - ONSITE

Interview Mode: Video

Duties and Responsibilities:

  • Monitor, protect, and defend the enterprise perimeter against malicious network traffic.
  • Monitor, protect, and defend internal networks and hosts against ongoing and emerging threats.
  • Enrich monitoring logs with contextual operational data from functional areas, correlate events, and identify security issues, threats, and vulnerabilities.
  • Conduct security event analysis and validation, triage validated incidents, perform initial containment where feasible, research the incident and enrich the incident case documentation, and escalate the incident for further analysis, containment, and eradication.
  • Review and analyze threat intelligence, and proactively search application, system, and network logs to hunt for and thwart the threats identified.
  • Prepare and perform shift handover briefing to communicate completed and pending activities, and relay situational awareness information.
  • Contribute to the development and maintenance of SOC Standard Operating Procedures (SOPs) and Concept of Operations (CONOPS) to establish and continuously improve the organization's operating knowledge base.
  • Participate in post-incident activities and contribute to lessons learned to improve security operations.
  • Support the preparation of management threat reports, briefings, and recommendations.
  • Provide sound technical recommendations that enable remediation of security issues.
  • Partner with security engineering to develop and refine SIEM correlation rules.
  • Utilize advanced threat models, SIEM use cases, and incident response playbooks.

Required Skills and Qualifications:

  • Bachelor's degree from an accredited college or university with a major in computer science, information systems, engineering, business, or a related scientific or technical discipline. Master's degree preferred.
  • CompTIA CySA+ certification, or CompTIA Security+ (or another relevant IAT Level II/III certification) along with one of the following:
  1. CEH
  2. CFR
  3. CCNA Cyber Ops
  4. CCNA-Security
  5. GCIA
  6. GCIH
  7. GICSP
  8. Cloud+
  9. SCYBER
  10. PenTest+
  • Experience analyzing intrusion events such as phishing emails, malware, privilege misuse, traffic indicating potentially malicious activity (such as DoS/DDoS and brute force), and data loss through exfiltration or inadvertent disclosure.
  • Applied experience with threat analysis models/frameworks such as the Cyber Kill Chain, MITRE ATT&CK, the Diamond Model, and the Pyramid of Pain.
  • Working knowledge of advanced threat Tactics, Techniques, and Procedures (TTPs).
  • Applied experience with network traffic analysis using tools like Wireshark.
  • Applied experience with a variety of open-source threat research tools/platforms such as VirusTotal.
  • Working knowledge of network and security architecture principles such as defense-in-depth.
  • Experience with proprietary security protection/detection tools such as firewalls, host and network IDS/IPS, anti-virus, EDR, URL filtering gateways, email filtering gateways, DLP tools, and SIEM platforms such as Splunk.
  • Capable of working independently, establishing priorities, and managing task completion within set SLAs.
  • Able to communicate effectively through writing, speaking, and presenting to client technical representatives.
  • Team player capable of productively contributing to the client mission by supporting fellow teammates in a dynamic, growing, and changing environment.


Desired Skills and Qualifications:

  • Experience with mid-to-advanced-level malware analysis.
  • Experience creating detailed queries and scripts, such as regular expressions, for log, event, and correlation analysis.
  • Experience scripting in Python, PowerShell, or VBScript.
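The query-and-correlation work this posting describes (pulling fields out of raw log lines with a regular expression, correlating events per source over a time window, enriching the result with asset context, and mapping it to a MITRE ATT&CK technique) in one runnable form, using the brute-force case from the required skills. This is an added example written for this page, not code from Quantum Vision or from the posting; the sshd log lines, the asset-context table, the assumed year 2024, and the "five failures in five minutes" threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from any real system): syslog-style sshd lines
# with password-auth outcomes. Syslog timestamps carry no year, so one is assumed.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar 10 08:00:03 bastion sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:05 bastion sshd[4103]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 08:00:06 bastion sshd[4104]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 08:00:09 bastion sshd[4105]: Failed password for root from 203.0.113.7 port 51005 ssh2
Mar 10 08:00:12 bastion sshd[4106]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Mar 10 08:15:00 bastion sshd[4200]: Failed password for alice from 10.0.0.5 port 40001 ssh2
Mar 10 08:30:00 bastion sshd[4201]: Failed password for alice from 10.0.0.5 port 40002 ssh2
Mar 10 08:31:00 bastion sshd[4202]: Accepted password for alice from 10.0.0.5 port 40003 ssh2
"""
ASSUMED_YEAR = 2024  # assumption: all sample lines are from the same year

# Regular expression that extracts the fields the correlation needs.
AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed enrichment table standing in for a CMDB / asset-inventory lookup.
ASSET_CONTEXT = {
    "10.0.0.5": {"zone": "corp-lan", "owner": "IT helpdesk jump host"},
}
UNKNOWN_CONTEXT = {"zone": "external", "owner": "unknown"}


def parse_auth_events(log_text, year=ASSUMED_YEAR):
    """Turn raw sshd lines into structured events; lines that don't match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "outcome": m["outcome"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window correlation: raise one alert per source IP once it reaches
    `threshold` failed logins inside `window`, keep counting further failures,
    and mark the alert if a successful login from that source follows."""
    recent = defaultdict(list)  # src -> [(ts, user)] failures still inside the window
    alerts = {}                 # src -> alert record
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["outcome"] == "Failed":
            q = recent[src]
            q.append((ev["ts"], ev["user"]))
            while q and ev["ts"] - q[0][0] > window:
                q.pop(0)  # expire failures that fell out of the window
            if src in alerts:
                alerts[src]["failures"] += 1
                alerts[src]["users"].add(ev["user"])
                alerts[src]["last_seen"] = ev["ts"]
            elif len(q) >= threshold:
                alerts[src] = {
                    "src": src, "host": ev["host"],
                    "first_seen": q[0][0], "last_seen": ev["ts"],
                    "failures": len(q), "users": {u for _, u in q},
                    "success_after": False,
                    "technique": "T1110 Brute Force",  # MITRE ATT&CK mapping
                    "context": ASSET_CONTEXT.get(src, UNKNOWN_CONTEXT),
                }
        elif ev["outcome"] == "Accepted" and src in alerts:
            alerts[src]["success_after"] = True
            alerts[src]["last_seen"] = ev["ts"]
    for a in alerts.values():
        a["severity"] = "high" if a["success_after"] else "medium"
    return alerts


def summarize(alert):
    """One-line case note suitable for a ticket or shift handover."""
    ctx = alert["context"]
    return (f"[{alert['severity']}] {alert['technique']}: {alert['src']} "
            f"({ctx['zone']}, {ctx['owner']}) -> {alert['host']}, "
            f"{alert['failures']} failed logins for {sorted(alert['users'])} "
            f"{alert['first_seen']:%H:%M:%S}-{alert['last_seen']:%H:%M:%S}, "
            f"successful login followed: {'yes' if alert['success_after'] else 'no'}")


if __name__ == "__main__":
    for alert in detect_brute_force(parse_auth_events(SAMPLE_LOG)).values():
        print(summarize(alert))
```

Only 203.0.113.7 is flagged: five failures across two accounts inside nine seconds, then a successful root login, which the success check raises to high severity; alice's two failures fifteen minutes apart never accumulate inside the window, which is the benign-typo case the threshold is meant to ignore. In a SIEM the same logic becomes a correlation rule; the Python form is what an analyst would use to test the rule's threshold and window against exported logs before handing it to engineering.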
