What are the responsibilities and job description for the SOC Analyst position at Digital Global Connectors?
Job Title: Security Operations (SOC) Analyst
Job Duration: Full-Time, Day-time Operating Hours
Location: Washington, DC (on-site)
Citizenship Required: US Citizenship
Clearance: Public Trust required (Confidential or higher preferred)
Responsibilities:
· Monitoring and analysis: Monitor security alerts and logs from various sources (SIEM tools, firewalls, IDS/IPS, endpoint protection) to identify potential security threats and vulnerabilities.
· Review all SOC data feeds, analytical systems, sensor platforms, and output from other SOC tool products.
· Incident detection and response: Investigate and analyze security events to determine their severity, escalate incidents as needed, and take appropriate actions to contain and remediate threats.
· Assess and prioritize security alerts based on their potential impact, and act on them according to whether they are determined to be true threats or false positives, following standard incident handling procedures.
· Escalate and report potential incidents, creating and updating incident cases and tickets.
· Vulnerability assessment: Apply various antivirus, intrusion detection, DMA, and vulnerability assessment tools, techniques, and procedures.
· Tune the SIEM and IDS/IPS events to minimize false positives.
· Detect, prevent, and respond to threats posed by malicious, negligent, or compromised insiders, by maintaining in-depth visibility into the enterprise and having a means of filtering and prioritizing threat data into concise, actionable intelligence.
· Threat hunting and analysis: Provide advanced analysis and adversary hunting support to operations in an effort to proactively uncover evidence of adversary presence on networks.
· Collaborate with system owners and system administrators to holistically examine the security architecture and vulnerabilities of their systems, through security scans, examination of system configuration, review of system design documentation, and interviews.
· Perform full-scope administration, management, configuration, patching, upgrading, and optimization of SOC tools, devices, application systems, servers, and sensors.
· Reporting: Create documentation and deliverables, including, but not limited to, daily summary reports, Technical Evaluation Reports, Cyber Intelligence Reports, Vulnerability Assessment Reports of Findings, Incident Assessment and Response Reports, and IT Security Division Tool Engineering Design Documentation.
Qualifications:
· Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related technical field, or an equivalent combination of education, technical training, and/or work experience.
· CompTIA Security+ plus at least one of the following additional certifications: CySA+, CSA, GSEC, CISSP, CEH, GCIH, CISM, CCSP, or CRISC.
· Minimum of 3 years of experience in a security operations center, IT security, or network security role.
· Hands-on experience with security tools (SIEM, firewalls, IDS/IPS, endpoint protection, vulnerability scanners).
· Knowledge of networking protocols (TCP/IP, DNS, HTTP, etc.) and security technologies.
· Understanding of cybersecurity frameworks (e.g., NIST) and SIEM platforms (Splunk, ArcSight, QRadar, etc.).