SOC Incident Response / Tier 2 Specialist (senior)

sourcefire, incident response, soc, soc ir, splunk, siem, soc engineer, cybersecurity
Full Time
Depends on Experience
Travel not required

Job Description

Title: SOC Incident Response / Tier 2 Specialist (senior)
Location: Rockville, MD (50% remote after 90 days)


CyberData Technologies Inc. is currently hiring an experienced Incident Response Specialist with cyber security policy assessment experience for our federal client located in Rockville, MD. The Incident Response Specialist will be tasked with a variety of assessment and analysis duties.

SOC/IR Engineer: job functions will be split roughly 70% SOC engineering and 30% SOC analyst work.

Required:

  • Strong analytical and investigation skills, including active threat hunting and adversary tracking.
  • Experience with IDS/IPS technologies such as Sourcefire and Palo Alto firewalls. The candidate should be familiar with rule sets, monitoring IDS/IPS events, and monitoring the operational status of the IDS/IPS sensors themselves.
  • Experience with FireEye technologies, such as NX, HX, AX.
  • Experience with various EDR solutions.
  • Experience troubleshooting in an Active Directory environment, with a solid understanding of Windows Server 2012/2016, Windows 7/10, the Windows registry, remote administration, and other Microsoft products.
  • Experience with the enterprise incident response cycle as described in NIST SP 800-61: Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activity.
  • Solid experience with TCP/IP protocols and ports.
  • SOC analysis and SIEM experience with Splunk. The candidate should be able to write basic Splunk (SPL) queries, create dashboards and reports, and be familiar with Splunk Enterprise Security (ES).
  • Experience with sniffers, packet capture and NetFlow tools, including Wireshark (required). The candidate should be able to gather and analyze data efficiently with these tools to detect potential IT security incidents, identify indicators of compromise, and troubleshoot network events.
  • Experience in information security and with the operation of security devices.


Desired:

  • Ability to write custom scripts in Python (preferred) and PowerShell to automate routine tasks.
  • Splunk certifications (e.g. Power User, Admin) are preferred.
  • IPv6 experience is a plus.
  • Firewall and ACL experience is preferred.
  • Experience with NetWitness is a plus.

CyberData Technologies, Inc., is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Dice Id : RTX146efa
Position Id : 6211657
Originally Posted : 1 year ago