Title: SOC Incident Response / Tier 2 Specialist (senior)
Location: Rockville, MD (50% remote after 90 days)
CyberData Technologies Inc. is currently hiring an experienced Incident Response specialist with cyber security policy assessment experience for our federal client located in Rockville, MD. The Incident Response Specialist will be tasked with a variety of assessment and analysis duties, including:
SOC/IR Engineer: Job functions will be split 70% SOC Engineer and 30% SOC Analyst work.
- Strong analytical and investigation skills, including active threat hunting and adversary tracking.
- Experience with IDS/IPS technologies such as SourceFire and Palo Alto Firewalls. Candidate should be familiar with rule sets and able to monitor IDS/IPS events and the functional/operational status of the IDS/IPS.
- Experience with FireEye technologies, such as NX, HX, AX.
- Experience with various EDR solutions.
- Experience with troubleshooting in an Active Directory environment. A solid understanding of Windows Server 2012/2016, Windows 7/10, the Windows registry, remote administration, and other Microsoft products.
- Experience with the Enterprise Incident Response Cycle: Preparation, Detection & Analysis, Containment and Recovery, Post Incident Analysis.
- Solid experience with TCP/IP protocols and ports.
- SOC analysis and SIEM experience with Splunk. Candidate should be able to write basic Splunk queries, create dashboards and reports, and be familiar with Splunk Enterprise Security (ES).
- Experience with sniffers, packet capture, and NetFlow tools, including Wireshark (required).
- Candidate should be able to efficiently gather and analyze data with these tools to detect potential IT security incidents, identify indicators of compromise, and troubleshoot network events.
- Experience in Information Security and with the use of security devices.
- Ability to write custom scripts in Python (preferred) and PowerShell to automate routine tasks.
- Candidates with Splunk certifications (e.g., Power User, Admin) are preferred.
- IPv6 experience is a plus.
- Firewall and ACL experience is preferred.
- Experience with NetWitness is a plus.
CyberData Technologies, Inc., is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.