Jr. SOC Analyst

Overview

Remote
$50 - $55
Contract - Independent
Contract - 12 Month(s)
No Travel Required

Skills

Analytics
CISA
Cisco Certifications
Cloud Security
Customer Engagement
DoD
Email Security
Endpoint Protection
FedRAMP
GSEC
Incident Management
Information Retrieval
International Relations
Investor Relations
Issue Tracking
Linux
Malware Analysis
Management
Microsoft Windows
Network
Network Operations
Network Security
Operating Systems
Reporting
SIEM
SSCP
Security+
Splunk
Standard Operating Procedure
System On A Chip
Threat Analysis
Tier 1

Job Details

Jr. SOC Analyst

Client: TriWest

POP: 12+ months

Location: Remote
REQUIRED SKILLS

  • Bachelor's Degree + minimum 3 years working in a 24x7x365 SOC environment.
  • DoD Approved 8570 certification REQUIRED, such as: CompTIA Security+ CE, CCNA-Security, CySA+, GICSP, GSEC, CND, SSCP
  • Analyzing system and network logs for security events, anomalies, and configuration issues.
  • Experience working with SIEM technology to monitor and manage security events.
  • Background in incident response, system/network operations and threat intelligence.
  • Experience utilizing enterprise security technologies such as SIEM/SOAR, NGAV/EDR, Vulnerability Scanners, and Threat Intelligence Platforms.
  • Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests.
  • Understanding of possible attack activities such as network reconnaissance probing, DDoS, malicious code activity, etc.
  • Experience in SOC operations, including but not limited to: alert and notification activities (analysis / triage / response), review of and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported incidents
  • Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
  • Experience and ability to use and follow Standard Operating Procedures (SOPs)
  • In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, Threat Intel sources
  • Demonstrated experience with triage and resolution of SOC tasks, including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/security tools alert analysis
  • Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
  • Demonstrated experience of the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution including the Elastic Stack or Splunk.
  • Solid understanding and experience analyzing security events generated from security tools and devices, including but not limited to: CrowdStrike and Palo Alto
  • Experience and solid understanding of Malware analysis
  • Understanding of security incident response processes
  • Understanding and experience with Federal Security Standards such as NIST and DoD
  • Understanding and experience with FedRAMP Cloud Security Requirements

TASKS

  • Perform 24x7x365 Security Monitoring, Analysis and Response
  • Support incident investigations, response, and reporting
  • Security Reporting
  • Vulnerability Analysis
  • SOC ticket queue management
  • Document actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.

Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.