SOC Incident Response / Tier 2 Specialist (senior)

sourcefire, incident response, soc, soc ir, splunk, siem, soc engineer, cybersecurity
Full Time
Up to $190,000
Work from home not available. Travel not required.

Job Description

Title: SOC Incident Response / Tier 2 Specialist (senior)
Location: Rockville, MD (50% remote after 90 days)


CyberData Technologies Inc. is currently hiring an experienced Incident Response specialist with cyber security policy assessment experience for our federal client located in Rockville, MD. The Incident Response Specialist will be tasked with a variety of assessment and analysis duties, including:

SOC/IR Engineer: Job functions will be split roughly 70% SOC Engineer work and 30% SOC Analyst work.

Required:

  • Strong analytical and investigation skills & active threat hunting and adversary tracking.
  • Experience with IDS/IPS technologies such as SourceFire and Palo Alto firewalls. Candidate should be familiar with rule sets, monitoring IDS/IPS events, and monitoring IDS/IPS operational status.
  • Experience with FireEye technologies, such as NX, HX, AX.
  • Experience with various EDR solutions.
  • Experience with troubleshooting in an Active Directory environment. A solid understanding of Windows Server 2012/2016, Windows 7/10, the Windows registry, remote administration, and other Microsoft products.
  • Experience with the enterprise incident response cycle: Preparation, Detection & Analysis, Containment and Recovery, Post-Incident Analysis.
  • Solid experience with TCP/IP protocols and ports.
  • SOC analysis and SIEM experience with Splunk. Candidate should be able to write basic Splunk queries, create dashboards and reports, and be familiar with Splunk Enterprise Security (ES).
  • Experience with sniffers, packet capture and NetFlow tools, including Wireshark (required).
  • Candidate should be able to efficiently gather and analyze data with these tools to detect potential IT security incidents, identify indicators of compromise, and troubleshoot network events.
  • Experience in Information Security and with the use of security devices.


Desired:

  • Ability to write custom scripts in Python (preferred) or PowerShell to automate routine tasks.
  • Candidates with Splunk certifications are preferred (e.g. Power User, Admin).
  • IPv6 experience a plus
  • Firewall and ACL experience preferred.
  • Experience with NetWitness a plus

CyberData Technologies, Inc., is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Dice Id : RTX146efa
Position Id : 6211657
Originally Posted : 1 month ago
