1099/C2C Opportunity
This is a 100% remote job supporting a US Federal Government client. No security clearance required, but candidate must be located in the United States.
Required Experience / Skills:
- Minimum of nine (9) years technical experience
- 7+ years of experience in SOC, security operations, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 3+ years of rule development and tuning experience
- 1+ years of Incident response
- Deep understanding of Cyber Threat TTPs, Threat Hunt, and the application of the MITRE ATT&CK Framework
- Experience supporting 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage, response); review of and action on threat intelligence for IOCs and other operationally impactful information; initial review and triage of reported alerts and incidents
- Support alert and notification triage, review/analysis through resolution / close
- Manage multiple tickets/alerts in parallel, including end-user coordination
- Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
- Solid understanding of and experience analyzing security events generated from security tools and devices, including but not limited to FireEye, Elastic, SourceFire, Malwarebytes, Carbon Black/Bit9, Splunk, Prisma Cloud/Compute, Cisco IronPort, and Blue Coat
- Experience and solid understanding of malware analysis
- Demonstrated proficiency with one or more toolsets such as Bit9/Carbon Black, Endgame, FireEye HX / CM / ETP, and Elastic Kibana
- Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
- In-depth experience processing and triaging security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, and threat intelligence sources
- Experience with scripting languages applied to SOC operations; for example, automating investigations with tools, automating IOC reviews, and supporting SOAR development
- Experience with bash, Python, and Windows PowerShell scripting
- Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, and SIEM/security tool alert analysis
- Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
- Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools
- Demonstrated proficiency with an enterprise SIEM or security analytics solution, including the Elastic Stack or Splunk
- Solid understanding of and experience analyzing security events generated from security tools and devices, including but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
- Understanding of security incident response processes
Required Certifications: Two of the following certifications are required:
- GIAC-GCIH - GIAC Certified Incident Handler
- GIAC-GCFE - GIAC Certified Forensic Examiner
- GIAC-GCFA - GIAC Certified Forensic Analyst
- GIAC-GREM - GIAC Reverse Engineering Malware
- GIAC-GNFA - GIAC Network Forensic Analyst
- GIAC-GCTI - GIAC Cyber Threat Intelligence
- GIAC-GPEN - GIAC Penetration Tester
- GIAC-GWAPT - GIAC Web Application Penetration Tester
- CEPT - Certified Expert Penetration Tester
- CASS - Certified Application Security Specialist
- CWAPT - Certified Web Application Penetration Tester
- CREA - Certified Reverse Engineering Analyst
Responsibilities:
- Working hours: 8:45 AM - 5:15 PM Eastern Time
- Participate in a rotating SOC on-call; rotation is based on the number of team members
- Provide first-line SOC support with timely triage, routing and analysis of SOC tasks
- Research, develop, and monitor custom visualizations
- Research, analyze, and write documents such as cybersecurity briefings for all levels of stakeholders, from Tier 1-3 SOC and security engineering to executives
- Tune and develop SIEM correlation logic for threat detection
- Ensure documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style
- Develop Python scripts to automate IR functions, including (but not limited to) IOC ingestion and SIEM integration via REST APIs, so that repetitive tasks are automated rather than performed by hand
- Produce and review aggregated performance metrics
- Perform Cyber Threat Assessment and Remediation Analysis
- Process, organize, and analyze incident indicators retrieved from the client environment, and correlate those indicators to various intelligence data
- Assist in coordination with internal teams and in the creation of engagement deliverables for a multitude of activities, including but not limited to insider threats, Rules of Engagement (ROE), threat hunting, After Action Reports, and other artifacts that support testing, monitoring, and protecting the enterprise
- Investigate network and host detection and monitoring systems to inform engagement processes
- Develop and execute bash and Python scripts to process discrete log files and extract specific incident indicators; develop tools to aid Tier 1 and Tier 2 functions
- Participate in on-call rotation for after-hours security and/or engineering issues
- Participate in the increase of effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
- Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection
- Collaborate with incident response team to rapidly build detection rules as needed
- Support 24x7x365 SOC operations, including but not limited to: alert and notification activities (analysis, triage, response); review of and action on threat intelligence for IOCs and other operationally impactful information; initial review and triage of reported incidents
- Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods
- Monitor and triage security events received through alerts from the SIEM or other security tools; escalate to and support IR as appropriate
- Perform IDS monitoring and analysis, network traffic analysis, and log analysis; prioritize and differentiate between potential intrusion attempts and false alarms
- Review and report on anomalous patterns (hunting) across all security tools and the SIEM
- Develop an in-depth understanding of customer and SOC operations requirements and policies
- Ensure reports are properly entered into the tracking system
- Perform customer security assessments
- Support incident response or remediation as needed
- Participate in, develop, and run tabletop exercises
- Perform lessons-learned activities
- Support ad-hoc data and investigation requests
- Compose reports, updates, security alert notifications, and other artifacts and documents as needed
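The two scripting responsibilities in the list above (Python automation of IOC ingestion, and bash/Python scripts that pull incident indicators out of discrete log files and correlate events across log sources) in one added Python example. This is illustration written for this page, not code from the posting, the client, or any vendor tool; the watchlist, the log lines, and every function name are constructed for the example. It extracts IPv4 addresses, domains and hashes (accepting the defanged forms analysts exchange), drops internal addresses and file names that look like domains, matches against a watchlist, and sorts the hits from a proxy log and an EDR export onto one timeline.

```python
"""Extract incident indicators (IOCs) from raw log lines, match them against a
watchlist, and lay the hits from several log sources on one UTC timeline.

Added example for this page; WATCHLIST, SAMPLE_LOGS and every function name are
constructed here and do not come from any real feed or client environment."""
import ipaddress
import re
from datetime import datetime, timezone

# Indicators are often shared "defanged" (1.2.3[.]4, evil[.]com, hxxp://), so the
# patterns accept both the live and the defanged dot.
_IPV4 = re.compile(r"\b(?:\d{1,3}(?:\.|\[\.\])){3}\d{1,3}\b")
_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+(?:\.|\[\.\]))+[a-z]{2,}\b", re.I)
_SHA256 = re.compile(r"\b[0-9a-f]{64}\b", re.I)
_MD5 = re.compile(r"\b[0-9a-f]{32}\b", re.I)
_TS = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")  # ISO 8601 UTC, as in the sample lines

# Internal ranges are excluded so a client IP never becomes a "hit"; file names such
# as payload.exe also match the domain pattern, so common extensions are dropped.
_INTERNAL = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
_NOT_TLD = {"exe", "dll", "ps1", "bat", "vbs", "js", "bin", "zip", "html", "txt", "log"}


def refang(value: str) -> str:
    """Turn a defanged indicator back into its live form for matching."""
    return value.replace("[.]", ".").replace("hxxp", "http")


def defang(value: str) -> str:
    """Defang an indicator before it goes into a ticket or report."""
    return value.replace(".", "[.]").replace("http", "hxxp")


def extract_iocs(text: str) -> dict:
    """Return normalized indicators found in text, keyed by type."""
    ips = set()
    for raw in _IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(refang(raw))
        except ValueError:
            continue  # e.g. 999.1.1.1 or a version string shaped like an address
        if not any(addr in net for net in _INTERNAL):
            ips.add(str(addr))
    domains = set()
    for raw in _DOMAIN.findall(text):
        name = refang(raw).lower()
        if name.rsplit(".", 1)[-1] not in _NOT_TLD:
            domains.add(name)
    return {
        "ipv4": ips,
        "domain": domains,
        "sha256": {h.lower() for h in _SHA256.findall(text)},
        "md5": {h.lower() for h in _MD5.findall(text)},
    }


def match_iocs(iocs: dict, watchlist: dict) -> set:
    """Intersect extracted indicators with a watchlist of known-bad values."""
    hits = set()
    for kind, values in iocs.items():
        hits |= values & watchlist.get(kind, set())
    return hits


def build_timeline(sources: dict, watchlist: dict) -> list:
    """Correlate lines from several log sources into one chronological list.

    sources maps a source name to its raw lines. Each returned entry is
    (utc_datetime, source, frozenset_of_hits, raw_line). Lines with no hit or
    no parseable timestamp are skipped; in production, count the latter."""
    events = []
    for source, lines in sources.items():
        for line in lines:
            hits = match_iocs(extract_iocs(line), watchlist)
            ts = _TS.search(line)
            if not hits or ts is None:
                continue
            when = datetime.strptime(ts.group(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append((when, source, frozenset(hits), line))
    events.sort(key=lambda e: e[0])
    return events


WATCHLIST = {  # constructed feed; 203.0.113.0/24 and .invalid are reserved for documentation
    "ipv4": {"203.0.113.45"},
    "domain": {"cdn-update.invalid"},
    "sha256": {"deadbeef" * 8},
}

SAMPLE_LOGS = {  # constructed lines in the shape of a web proxy log and an EDR export
    "proxy": [
        "2024-03-01T10:02:11Z proxy01 client=10.20.30.40 dst=203.0.113.45 host=cdn-update.invalid GET /u/pkg.bin 200",
        "2024-03-01T10:05:47Z proxy01 client=10.20.30.41 dst=198.51.100.7 host=intranet.local GET /index.html 200",
    ],
    "edr": [
        "2024-03-01T09:58:02Z ws-4417 process=outlook.exe sha256=" + "0123456789abcdef" * 4 + " parent=explorer.exe",
        "2024-03-01T10:02:13Z ws-4417 process=powershell.exe sha256=" + "deadbeef" * 8 + " parent=outlook.exe",
    ],
}

if __name__ == "__main__":
    for when, source, hits, _line in build_timeline(SAMPLE_LOGS, WATCHLIST):
        print(when.isoformat(), source, ", ".join(defang(h) for h in sorted(hits)))
```

Run stand-alone it prints two defanged hits two seconds apart: the proxy fetch from the watchlisted host, then the EDR record of the watchlisted hash under powershell.exe. The caveats that matter in a real SOC are the ones the code makes explicit: refang before matching and defang before reporting, never treat an RFC 1918 client address as an indicator, and treat a line with no parseable timestamp as a gap in the timeline rather than silently dropping it.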
Job Types: Full-time, Contract
Pay: $100.00 per hour
Expected hours: 40 per week
Compensation package:
- 1099 contract
Experience level:
- 9 years
Schedule:
- Day shift
- Monday to Friday
Application Question(s):
- Are you open to 1099/C2C subcontract employment?
Experience:
- SOC: 7 years (Required)
License/Certification:
- GIAC Certification (Preferred)
Work Location: Remote