SOC Analyst

Job Title: SOC Analyst

Duration: 12+ Months W2 Contract to Hire

Location: Zebulon, NC (Onsite 5 days per week) from 11pm - 7am EST

Required Pay Scale: $70/hr

***Due to client requirements this role is only open to USC or GC candidates***

Project:

Next Generation Cyber Monitoring & Response

Notes:

This is an overnight SOC Analyst role with 3rd shift hours - 11pm - 7am EST and onsite in Zebulon, NC every shift.

Responsibilities:

• The AWS Cloud DFIR Consultant is responsible for maturing the organization's AWS-Specific DFIR (Digital Forensics & Incident Response) capabilities. Objective is to bring advanced external expertise to the organization to consult on routine cyber investigations and incidents, especially around Cloud.
• The role will also deliver specific deliverables including, but not limited to:
• Platform Guides for AWS
• Detailed Knowledge Base Entries
• SIEM Cloud-Specific Data Source Enumeration
• Enumerate and request specific cloud privileges for monitoring & IR functions.
• Enhance existing SOC Runbooks for the cloud.
• Contribute to tuning of cloud alerts.

Must Haves / Required Skills:

• AWS
• Understanding of the most popular cloud concepts.
• Understanding of key cloud resources and logs used to facilitate incident response and forensics.
• This role must have a strong knowledge of windows internals and cloud (namely AWS) to effectively threat hunt and respond to advanced attacks.
• The ability to quickly identify nefarious artifacts versus benign activity will be a key skill for this position.
• Extensive hands-on experience conducting cyber incident investigations in Amazon AWS (Azure considered as well)
• Experience developing high-quality deliverables about deep technical concepts.
• Conduct cyber investigations for escalated and challenging computer security incidents using:
• computer forensics
• network forensics
• root cause analysis
• malware analysis.
• Participate in the creation and maintenance of use cases for recurring investigation/incident triggers
• Participate in the creation and maintenance of playbooks used in response for investigation/incident triggers
• Interface with other teams in Information Security (e.g. network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.
• Identify new threat tactics, techniques and procedures used by cyber threat actors.
• Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.
• Experience working with Splunk or Crowdstrike

Skills / Experience That Are A Plus

• Experience working in cloud environments, namely Microsoft Azure
• Industry certifications in general technology and security (e.g. Network+, Security+, CySA+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, etc.)
• Industry certifications in cyber forensics and incident response, such as GIAC Cloud Forensics Responder (GCFR), Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), and other related credentials
• Demonstrated technical leadership experience