Company: Deep Operations Llc
Address: Remote
Form of work: Full-time | Contract
Salary: $100 an hour
Category: Information Technology

Job description

1099/C2C Opportunity

This is a 100% remote job supporting a US Federal Government client. No security clearance required, but candidate must be located in the United States.

Required Experience / Skills:

  • Minimum of nine (9) years technical experience
  • 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
  • 3+ years of rule development and tuning experience
  • 1+ years of Incident response
  • Deep understanding of Cyber Threat TTPs, Threat Hunt, and the application of the MITRE ATT&CK Framework
  • Experience supporting 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage, response); review of and action on threat intel for IOCs and other operationally impactful information; and initial review and triage of reported alerts and incidents
  • Support alert and notification triage, review/analysis through resolution / close
  • Manage multiple tickets/alerts in parallel, including end-user coordination
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Solid understanding of and experience analyzing security events generated from security tools and devices, including but not limited to FireEye, Elastic, SourceFire, Malware Bytes, CarbonBlack/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, BlueCoat
  • Experience and solid understanding of Malware analysis
  • Demonstrated proficiencies with one or more toolsets such as Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
  • Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, threat intel sources
  • Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, and supporting SOAR development
  • Experience with bash, python, and Windows Powershell scripting
  • Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis
  • Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
  • Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk.
  • Solid understanding of and experience analyzing security events generated from security tools and devices, including but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
  • Understanding of security incident response processes

Required Certifications: Two of the following certifications are required:

  • GIAC-GCIH - Global Certified Incident Handler
  • GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
  • GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
  • GIAC-GREM - GIAC Reverse Engineering Malware
  • GIAC-GNFA - GIAC Network Forensic Analyst
  • GIAC-GCTI - GIAC Cyber Threat Intelligence
  • GIAC-GPen - GIAC Certified Penetration Tester
  • GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
  • CEPT - Certified Expert Penetration Tester
  • CASS - Certified Application Security Specialist
  • CWAPT - Certified Penetration Tester
  • CREA - Certified Reverse Engineering Analyst

Responsibilities:

  • Working hours: 8:45 AM - 5:15 PM Eastern Time
  • Participate in a rotating SOC on-call; rotation is based on the number of team members
  • Provide first-line SOC support with timely triage, routing and analysis of SOC tasks
  • Research, develop, and monitor custom visualizations
  • Research, analyze, and write documents such as cybersecurity briefings for all levels of stakeholders, from Tier 1-3 SOC and security engineering to executives
  • Tune and develop SIEM correlation logic for threat detection
  • Ensure documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style
  • Develop scripts using Python to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs to minimize repetition of duties and automate tasks.
  • Produce and review aggregated performance metrics
  • Perform Cyber Threat Assessment and Remediation Analysis
  • Process, organize, and analyze incident indicators retrieved from the client environment and correlate those indicators with various intelligence data
  • Assist in coordination with internal teams and in the creation of engagement deliverables for a multitude of activities, including but not limited to insider threats, Rules of Engagement (ROE), threat hunting, after action reports, and other artifacts to support testing, monitoring, and protecting the enterprise
  • Investigate network and host detection and monitoring systems to advise engagement processes
  • Develop and execute bash and Python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions
  • Participate in on-call rotation for after-hours security and/or engineering issues
  • Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
  • Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
  • Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection
  • Collaborate with incident response team to rapidly build detection rules as needed
  • Support 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage, response); review of and action on threat intel for IOCs and other operationally impactful information; and initial review and triage of reported incidents
  • Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods
  • Monitor and triage security events received through alerts from the SIEM or other security tools; escalate to and support IR as appropriate
  • Perform IDS monitoring and analysis, analyze network traffic and logs, and prioritize and differentiate between potential intrusion attempts and false alarms
  • Review and report on anomalous patterns (hunting) across all security tools and the SIEM
  • Develop an in-depth understanding of customer and SOC operations requirements and policies
  • Ensure reports are properly entered into the tracking system
  • Perform customer security assessments
  • Support incident response or remediation as needed
  • Participate in, develop, and run tabletop exercises
  • Perform lessons learned activities
  • Support ad-hoc data and investigation requests
  • Compose reports, updates, security alert notifications, or other artifacts and documents as needed

Job Types: Full-time, Contract

Pay: $100.00 per hour

Expected hours: 40 per week

Compensation package:

  • 1099 contract

Experience level:

  • 9 years

Schedule:

  • Day shift
  • Monday to Friday

Application Question(s):

  • Are you open to 1099/C2C subcontract employment?

Experience:

  • SOC: 7 years (Required)

License/Certification:

  • GIAC Certification (Preferred)

Work Location: Remote

Refer code: 8967463. Deep Operations Llc - The previous day - 2024-04-10 14:02
