SOC Tier 3 Analyst

Overview

Hybrid
Depends on Experience
Full Time
No Travel Required

Skills

IOC
NetFlow
Network Architecture
TCPDump
Threat ModelingExperience
Wireshark
Malware
Information Assurance
Network SwitchesExperience
firewalls

Job Details

Who we are:

ShorePoint is a fast-growing, industry recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a work hard, play hard mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we're looking for:

We are seeking a SOC Tier 3 Analyst who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The SOC Tier 3 Analyst will have the opportunity to be exposed to all aspects of support to a federal client and will be encouraged to grow as the organization expands.

What you'll be doing:

  • Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in network and on host
  • Find evidence of attack, and attackers actions thereafter
  • Work with team to produce effective countermeasures against found evidence. Also, contributes to mitigations for future attacks of a similar nature
  • Follow Security Operations Center (SOC) policies, procedures for incident reporting and management. Create a detailed Incident Report (IR) and contribute to lessons learned
  • Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
  • Work with SOC team to help contain intrusions
  • Generates documentation as required by the Client
  • Thorough understanding of network protocol behaviors. Ability to understand NetFlow and PCAP
  • Thorough knowledge of open-source tools to visualize PCAP data (Wireshark, TCPDump, etc.)

What you need to know:

  • Experience and understanding of Network Switches
  • Experience and understanding of Network Architecture and Design
  • Experience and understanding of Threat Modeling
  • Experience and understanding of Malware Engineering
  • Experience in Microsoft Sentinel including but not limited to:
    • Developing and creating analytic rules
    • Alert tuning
    • Creating and leveraging workbooks and developing new metrics
    • Strong knowledge in KQL queries.

Must have's:

  • Ability to support working hours: 8:45 AM - 5:15 PM Eastern Time
  • Ability to participate in a rotating SOC on-call; rotation is based on number of team members
  • Minimum of Twelve (12) years technical experience
    • 7+ years of SOC
    • 3+ years of rule development and tuning experience
    • 1+ years Incident response
  • Ability to obtain federal agency required clearance

Beneficial to have the following:

  • GIAC-GCIH Global Certified Incident Handler
  • GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
  • GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
  • GIAC-GREM - GIAC Reverse Engineering Malware
  • GIAC-GNFA - GIAC Network Forensic Analyst
  • GIAC-GCTI - GIAC Cyber Threat Intelligence
  • GIAC-GPEN GIAC Certified Penetration Tester
  • GIAC-GWAPT GIAC Certified Web Application Penetration Tester
  • CEPT - Certified Expert Penetration Tester (CEPT)
  • CASS - Certified Application Security Specialist (CASS)
  • CWAPT - Certified Penetration Tester (CWAPT)
  • CREA - Certified Reverse Engineering Analyst (CREA)

Where it's done:

  • 1-2 days per week on client site in Washington, D.C (between Tues, Wed, Thurs) during core business hours of 8:00am-5:00pm. Remaining work days can be remote.