Cybersecurity Analyst Tier 2

As the Cyber Security Operations Center (CSOC) Tier 2 Team, you are responsible for overseeing and managing the activities of the Tier 2 Team in our client's Security Operations Center. Your role involves leading a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment at the Tier 2 Level. You play a critical role in analyzing and resolving cyber threats or escalating incidents for Tier 3 response as necessary.  Leadership skills, technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role. The physical worksite for this position is located in Rockville, MD.  May be open to a hybrid work schedule based on client approval.

Responsibilities:

• Respond promptly and effectively to security incidents and threats discovered by CSOC Analyst Level I and carry out effective Level II analysis of incidents.
• Remediation of incidents and escalation when necessary to Tier 3 support
• Initial assessment of the scope of the attack and affected systems
• Accurately document cases during investigations and effectively communicate findings to Level I Analyst or escalation team to ensure complete handover of work streams.
• Continuously improve incident management processes through periodic threat hunting exercises, knowledge optimization effort building, and by comprehensive diagnosis and analysis of incident trends.
• Follow the issue tracking, escalation policies and work effectively across all CSOC tiers as the technical competence requires.
• Dedicated monitoring and analysis of cyber security events by use of SOC tools
• Incident Response generation and reporting IAW established procedures.
• Provide Level II technical support in CSOC operations and activities.
• Provide daily/weekly updates on CSOC operations and developments.
• Conduct Forensic analysis and respond to data call activities.
• Generate quality technical reports containing methodologies, findings, and recommendations.
• Work with external stakeholders to understand operational needs and develop effective processes.
• Maintain a current understanding of industry trends, emerging cyber threats, and new solutions which may impact CSOC activities.
• Collaborate with CSOC SME to ensure optimal performance using CSOC technology.
• Identify, reverse engineering and de-obfuscating digital content related to an incident.

Qualifications:

• 5+ years of experience within a Level Tier 2 cybersecurity environment; experience in a leadership role is preferred.
• Bachelors in information technology, Computer Science, or a related field; or relevant, commensurate work experience
• Robust Certification Portfolio including Security+, Network+, CEH, Azure or Cloud Certification of any kind, and Splunk Core Certified Power User.
• Vulnerability/cyber incident management framework
• Experience with advanced technologies such as: Splunk SaaS, Splunk Enterprise Security, Splunk SaaS UBA, Crowdstrike, Tenable, Forescout, zScaler, Bigfix, MaaS-360 (IBM MaaS-360), and Encase for forensic investigations, Fireeye, Cortex XSOAR, Cortex XDR, and Prisma-Access
• Prior HHS experience a plus