Job Details
Contract-to-Hire Position
100% Remote
Notes from Intake with Hiring Manager:
Lead SOC Analyst (the internal title is Cybersecurity Incident Response Analyst III, but Lead SOC Analyst describes the role better)
Experience overseeing 3rd-party SOCs.
They use a managed service to run their SOC, but the hire has to be a leader who can work with the vendor and wrangle people.
Only has to handle 5-10 escalated tickets, but has to be thorough on each one.
Possibly someone who has worked in a smaller shop and has had to cover many duties. Needs to be well-rounded.
Summary of Position:
Under general direction of the Manager, Cybersecurity Operations, the Cybersecurity Incident Response Analyst III is responsible for performing the tasks that support incident detection, incident response, digital forensics, and threat intelligence capabilities across the organization.
The Cybersecurity Incident Response Analyst performs real-time cybersecurity event analysis and incident handling activities in order to identify, contain, and mitigate cybersecurity incidents relevant to the organization. The role conducts incident preparedness activities to ensure the organization is positioned to respond to cybersecurity incidents in a manner that maximizes the survival of life, preservation of property, and information security. The Cybersecurity Incident Response Analyst is responsible for documenting cybersecurity incident activity from initial detection through recovery.
The Cybersecurity Incident Response Analyst performs cybersecurity incident triage tasks, including determining scope, urgency, and potential impact; identifies specific vulnerabilities exploited; and makes recommendations that enable expeditious remediation. The role performs command and control tasks to support interdepartmental virtual incident response team activities.
The Cybersecurity Incident Response Analyst performs digital forensics duties for the organization. Digital forensics duties entail investigations of computer-based incidents, establishing documentary evidence, including digital media and logs associated with cyber incidents.
The Cybersecurity Incident Response Analyst also operates the organization's threat intelligence capabilities which includes monitoring and developing cyber indicators to maintain awareness of the threat status across a highly dynamic operating environment. The role collects, processes, analyzes, and disseminates cyber threat alerts & warnings.
Minimum Qualifications:
- Formal Education Required: Bachelor's Degree or equivalent in Computer Science, Cybersecurity, IT, or Engineering, or an equivalent combination of education and/or experience.
- Experience & Training Required: Seven (7) years of information security experience; seven (7) years of IT-related experience; experience working in a complex healthcare environment.
Certifications required:
- CompTIA Security+ (or equivalent), GIAC Certified Incident Handler (GCIH) (or equivalent), or CompTIA CASP+ (or equivalent)
Certifications preferred:
- GIAC Certified Forensic Analyst (GCFA) (or equivalent)
Other Skills, Competencies and Qualifications:
- Advanced knowledge of computer networking concepts and protocols, and network security methodologies.
- Advanced knowledge of front-end collection systems, including network traffic collection, filtering, and selection.
- Advanced knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Advanced knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
- Advanced knowledge of incident response and handling methodologies.
- Advanced knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g., historical country-specific TTPs, emerging capabilities).
- Advanced knowledge of cyber threats and vulnerabilities.
- Advanced knowledge of incident categories, incident responses, and timelines for responses.
- Advanced knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Advanced knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
- Advanced knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
- Advanced knowledge of security event correlation tools.
- Advanced knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Advanced knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
- Intermediate knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, malicious code).
- Intermediate knowledge of cybersecurity and privacy principles.
- Intermediate knowledge of server and client operating systems.
- Intermediate knowledge of how to extract, analyze, and use metadata.
- Intermediate knowledge of malware.
- Basic knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Basic knowledge of data backup and recovery.
- Basic knowledge of encryption algorithms.
- Advanced skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
- Advanced skill in using security event correlation tools.
- Advanced skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
- Advanced skill in using forensic tool suites.
- Advanced skill in analyzing anomalous code as malicious or benign.
- Advanced skill in processing digital evidence, to include protecting and making legally sound copies of evidence.
- Advanced skill in performing packet-level analysis.
- Advanced skill in evaluating information for reliability, validity, and relevance.
- Advanced skill in identifying cyber threats which may jeopardize organization and/or partner interests.
- Advanced skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).
- Advanced skill in using scientific rules and methods to solve problems.
- Intermediate skill in analyzing volatile data.
- Intermediate skill in interpreting results of debugger to ascertain tactics, techniques, and procedures.
- Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to evaluate information for reliability, validity, and relevance.
- Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
- Ability to function effectively in a dynamic, fast-paced environment.
- Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts both internal and external to the organization to leverage analytical and technical expertise.
- Ability to think critically.
- Ability to think like threat actors.
- Ability to develop productive working relationships with a broad range of business, clinical, and operational professionals.
- Ability to negotiate resolutions for conflicting security and business objectives.
- Ability to take direction and operate independently in highly ambiguous situations.
- Ability to effectively interact with populations of patients/customers with an understanding of their needs for self-respect and dignity.
Essential Functions:
- Cybersecurity Incident Detection- Performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. Receives and analyzes network alerts from various sources within the enterprise and determine possible causes of such alerts. Reports intelligence-derived significant network events and intrusions. Captures and analyzes network traffic associated with malicious activities using network monitoring tools.
- Cybersecurity Incident Response - Performs real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). Coordinates incident response activities across a multi-disciplinary team. Tracks and documents cyber defense incidents from initial detection through final resolution. Collects and analyzes intrusion artifacts (e.g., source code, malware, Trojans, and system configuration) and uses the discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Performs timeline analysis. Writes and publishes after-action reviews. Maintains a deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support the Incident Response Team mission.
- Digital Forensics - Performs initial, forensically sound collection of images and inspects them to discern possible mitigation/remediation on enterprise systems. Creates a forensically sound duplicate of the evidence (i.e., a forensic image) that ensures the original evidence is not unintentionally modified, for use in data recovery and analysis. This includes, but is not limited to, hard drives, thumb drives, etc. Provides technical assistance on digital evidence matters to appropriate personnel.
- Cybersecurity Threat Intelligence - Manages the monitoring of information security data sources to maintain organizational situational awareness. Manages threat or target analysis of cyber defense information and the production of threat information within the enterprise. Identifies threat tactics and methodologies. Monitors and reports on validated threat activities. Provides current intelligence support to critical internal/external stakeholders as appropriate. Provides timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities.
- Reporting - Provides technical summaries of findings in accordance with established reporting procedures.
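The Digital Forensics duty above hinges on one concrete check: the forensic image must be provably identical to the original, and that proof must be recorded. The script below is an added illustration of that step, not part of the job posting and not any employer's procedure. It assumes POSIX sh with dd and sha256sum (or shasum); the evidence file, image path and custody log are all constructed in a temporary directory so it runs offline, and a real collection would point the source at a device opened through a write blocker instead.

```shell
#!/bin/sh
# Added example, not from the job posting: image a piece of evidence with dd,
# then prove the copy is bit-identical to the original by comparing SHA-256
# digests and recording both in a chain-of-custody log. Assumes POSIX sh plus
# dd and sha256sum (or shasum); all file names and the "evidence" are constructed.
set -eu

hash_file() {
    # SHA-256 hex digest of one file (sha256sum on Linux, shasum on macOS/BSD).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

image_evidence() {
    # image_evidence SOURCE IMAGE: block-level copy of SOURCE into IMAGE.
    # dd never writes to if=, so this step does not modify the original;
    # on a real device SOURCE would also sit behind a write blocker.
    dd if="$1" of="$2" bs=4096 2>/dev/null
}

verify_image() {
    # verify_image SOURCE IMAGE LOG: hash both files, append the result to LOG,
    # return 0 only when the digests match. A mismatch means the image cannot
    # stand in for the original as a legally sound copy.
    src_hash=$(hash_file "$1")
    img_hash=$(hash_file "$2")
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if [ "$src_hash" = "$img_hash" ]; then
        printf '%s VERIFIED source=%s image=%s sha256=%s\n' \
            "$stamp" "$1" "$2" "$src_hash" >> "$3"
        return 0
    fi
    printf '%s MISMATCH source=%s image=%s source_sha256=%s image_sha256=%s\n' \
        "$stamp" "$1" "$2" "$src_hash" "$img_hash" >> "$3"
    return 1
}

# Constructed evidence so the script runs offline; a real case would use /dev/sdX.
WORK=$(mktemp -d)
SRC="$WORK/evidence.bin"
IMG="$WORK/evidence.dd"
LOG="$WORK/custody.log"
printf 'constructed evidence payload: not real case data\n' > "$SRC"

image_evidence "$SRC" "$IMG"
verify_image "$SRC" "$IMG" "$LOG"   # digests match: exit status 0, VERIFIED logged

# Failure mode: any later change to the image, even one byte, breaks the match.
TAMPERED="$WORK/evidence-tampered.dd"
cp "$IMG" "$TAMPERED"
printf 'x' >> "$TAMPERED"
if verify_image "$SRC" "$TAMPERED" "$LOG"; then
    echo "unexpected: tampered image verified"
else
    echo "tampered image rejected, as intended"
fi
cat "$LOG"
```

The log line carries the timestamp, both paths and the digest, which is the minimum an examiner needs to show the copy was verified at collection time; re-running verify_image against the stored image later re-establishes that the working copy has not drifted from the original.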