SOC Analyst

About The Position

Requirements

• Candidate must have a minimum of 2-4 years of experience as an analyst in a SOC or similar environment.
• Working knowledge of SOC tools and their usage for detecting intrusion attempts.
• Demonstrated experience creating custom intrusion signatures to detect specific network traffic anomalies.
• Demonstrated experience in populating sensors with newly available signatures when responding to events or management requests.
• Knowledge of potential threat reporting and tracking by means of at least one large-scale ticketing system (ServiceNow, CAPRS, or other similar system).
• Ability to utilize email, instant messaging, and other monitoring tools to effectively navigate through the incident response process.
• Strong oral presentation skills and the ability to articulate English in a clear and concise manner.
• Demonstrated experience with Windows Operating System and Microsoft 365 tools.
• High School Diploma accompanied with related advanced training and certifications in cybersecurity or a related field. BS/BA degree preferred.
• Must have at least one of the following certifications: CompTIA Network+, CompTIA Security +, or CompTIA CySA+.
• Documented proof of certifications is required prior to the start of employment.
• Experience with Windows Operating System and Microsoft 365 tools.
• Great written and oral communication skills, with the ability to convey complex information clearly and effectively.
• Must live within a 2-hour commute of the designated Security Operations Center for which they are applying.

Nice To Haves

• Bachelor’s or master’s degree in computer science, or cybersecurity, or information technology.
• Other advanced certifications such as Cybersecurity Analyst+ (CySA+), Certified Ethical Hacker (CEH), GIAC Security Operations Certified (GSOC), etc.
• Home lab setup and participation in training platforms like TryHackMe or similar

Responsibilities

• Providing 24/7/365 monitoring and analysis of security event alerts across the enterprise network.
• Monitoring agency systems and daily log events to identify potential security threats. Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Information and Event Management logs.
• Reviewing incoming alerts, investigating, and ticketing all identified potential security threats using agency incident response ticketing platform.
• Prioritizing all incoming alerts and respond accordingly in a timely manner.
• Validating traffic and/or network activity (per alerts/logs) as anomalous in accordance with agency standards and procedures.
• Identifying, investigating, and escalating potential security threats to senior agency resources when needed.
• Measuring and modeling traffic, while identifying patterns and ports.
• Producing reports, both contractual and ad hoc, providing information on events, trends, issues, and activity as requested by the federal customer.
• Providing data for inclusion in the agency’s CISA report.
• Utilize OSINT tools to identify and mitigate potential cybersecurity threats to the customer’s network.
• Identifying the necessity for, and implementation of, the creation of new intrusion detection signatures.

Benefits

• health insurance
• dental and vision insurance
• 401K with company matching
• flexible spending accounts
• paid holidays
• three weeks paid time off