Role: SOC Analyst
Location: Austin, TX, onsite
Two roles:
- Tier 2: 3-5 years of experience
- Tier 3: 5+ years of experience
Responsibilities:
Tier 2 Analysts' additional responsibilities:
- Determine the service impact of security events.
- Alert customers to possible malicious activity.
- Document and escalate incidents that may cause ongoing and immediate impact to the environment, including the event's history, status, and potential impact, for further action.
- Receive and analyze security alerts from various sources within the enterprise and determine the possible causes of such alerts.
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, or misuse activities, and distinguish these incidents and events from benign activities.
- Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
- Assist in the construction of signatures that can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
- Assist in developing cybersecurity recommendations for Tier 3 based on significant threats and vulnerabilities or observations of the environments.
- Work security tickets within established SLAs; escalate to the customer or Tier 3, establish false positives, or contact the customer as needed.
- Engage support from Tier 3 Analysts, the Network Operations Center (NOC), Network Engineers, and/or the CSIRT (Computer Security Incident Response Team) when necessary.
- Provide support, guidance, and mentorship to other SOC personnel.
- Contribute as needed to the creation of process documentation and training materials.
- Support after-hours operations, including evenings after 5pm, overnights, weekends, and holidays.
Candidate Requirements
The candidate should have strong communication skills, both written and verbal, and be comfortable communicating with teammates, customer technical personnel, and client leads and/or managers.
The preferred candidate is REQUIRED to have:
- Three (3) to five (5) years of Security Incident Response, Security Operations Center, and/or threat analysis experience
- Demonstrated experience using enterprise and/or cloud SIEM technologies as an analyst
- Ability to support and work across multiple customer and bespoke systems
- Must be able to pass a CJIS background check process and other background checks to comply with customer contracts
- Strong documentation (SOP/Standard Operating Procedure) development skills
- Understanding of Ticket Flow
- Strong troubleshooting skills
- Understanding of how to read inbound and outbound traffic
- Complete basic safety and security training to meet the customer requirements
- Ability to work a set schedule that supports after-hours operations, including weekends and holidays
- CompTIA Security+ certification (or equivalent or higher)
Candidate Preferred Requirements
Holding one or more of the following industry certifications will be a plus:
- Certified Ethical Hacker (CEH) or equivalent
- CompTIA Cybersecurity Analyst (CySA+) or equivalent (Blue Team L1)
- Splunk Power User Certification, Devo Platform User Certification, or Netwitness Logs and Network Analyst Certification
- Other certifications such as CompTIA Network+, or any cloud or cloud tool certifications (Devo, Splunk, Azure Sentinel, etc.)
Qualifying Experience and Attributes
- Experience with one or more SIEMs: RSA NetWitness, Splunk, Microsoft Sentinel, QRadar, ArcSight, etc.
- Able to use the internet to do research on events of interest.
- Familiar with the cyber kill chain.
- Familiar with MITRE ATT&CK and MITRE D3FEND.
- Familiar with common cybersecurity frameworks, regulations, and compliance standards
- Working knowledge of cybersecurity and privacy principles.
- Working knowledge of cyber threats and vulnerabilities.
- Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
- Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of incident response and handling methodologies.
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of escalation, incident management and change management processes and procedures of a SOC.
- Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, Ixia, tcpdump).
--
Asher Williams
Desk: 2o1.497.1o1o X:1o5 | Direct: 551.272.o129
asher (at) pullskill dot com