Scope of the project: This specific Statement of Work is for a Cyber SOC Lead Analyst to prevent, detect, investigate, and assist in directing remediation to cyber-attacks and threats against organization enterprise applications, networks, and services by investigating indicators of suspicious and malicious activity, and proactively discovering threats to organization. Individual must have 3 – 7 years’ experience as part of or ideally leading a CSIRT, CERT, SOC or Investigations team, including extensive SIEM experience. Preference is QRadar. This position requires previous security operational center experience – monitoring, investigating, alerting, and reporting security threats. It also requires previous experience in developing SOPs and documentation to help implement ITIL best practices and the NIST 800-53 framework. Candidate will be required to explain previous experience in the following: – Oversight and development of Use Cases, Playbooks/Runbooks, SOP. – Network vulnerability and compliance scanning – Review and interpretation of the results thereof – Determination of severity and urgency when evaluating risk – Working with system owners to determine if and when corrective action will be taken. You will have a technical lead role, supporting the SOC I Analysts to find the threat actors attempting to attack SCDOR infrastructure. You will need to be a technical and professional leader, someone who enjoys training and mentoring teammates, and a person who can encourage and elevate the team. |
Daily Duties / Responsibilities: The Cyber SOC Lead Analyst will ensure the effective operations of the SOC through the following: Technical - Proactively search for active intrusions in
the SCDOR environment, recognizing potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information - Work closely with escalation points to close
out complex investigation - Conducting holistic, investigative analysis
and rating the risk associated with observed activity - Review investigation escalations from SOC
Analysts to ensure accurate analysis and provide advice/mentorship - Refine and develop dashboards, queries and
reports to continuously improve security situational awareness - Maintain SOC documentation, procedures,
processes and hardware and software inventory detail - Demonstrate a sound understanding of security
technologies and their function within a networked environment - Adhere to corporate information security
guidelines and promote information security among coworkers - Develop reports (manual and
automated) to support the development, collection, and reporting of Quality Assurance and Performance metrics.
- Performs other duties and special projects as
assigned.
Non-Technical - To demonstrate highly technical
thinking and knowledge, inspire confidence and credibility within a team - Time management on multiple
investigations, prioritizing - Appetite to develop an understanding
of most investigations, cyber threats and computer forensics. - Taking control of high pressure
situations and the attention to detail to precisely find the source - A good team ethos and drive and be a self-starter.
- The ability to work unsupervised and
under pressure - Excellent verbal and written
communication skills - Provide
feedback to team regarding product issues, enhancements and new features. - Ability
to ask pertinent questions of others. - Proactively
seek to identify, communicate and implement process related improvements. - Effectively
manage multiple tasks and activities concurrently and able to provide periodic status updates to key stakeholders - Collaborate
extensively with peers and management to resolve client issues while actively contributing to a growing knowledge network that improves the effectiveness of our team and the information available to our clients. - Prioritize
numerous issues of varying severity, and effectively manage the resolution of all issues within accepted service levels. This includes ownership of the data entered into the Helpdesk system and appropriately updating both client and appropriate employees of status of all issues on a timely basis. - Good
customer skills, be attentive to detail, and responsive to customer tickets
- Performs
other duties and special projects as assigned.
|
Required Skills (rank in order of Importance): - A
sound knowledge of IT security procedures, common attack types and detection / prevention methods. - Demonstrable
experience of analyzing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviors - Good
understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP) - In
depth experience of other common devices, such as routers, switches, hubs - Investigate
problems escalated from Tier I. - Refine
existing Use Cases/Playbooks, creating new Use Cases/Playbooks, - Refine
and Create workflows in Incident Management Tools - Organizational
Skills - Verbal
Communication Skills - Written
Communication Skills
| Preferred Skills (rank in order of Importance): - Java,
Python, PowerShell - Understanding
of technical and security domains fundamental to Investigation and Incident Response. - Experience
in setting up, improving a SOC or experience implementing SOC reporting and governance - Experience
of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. - Experience
with Palo Alto, Active Directory, VmWare, QRadar, PCap, Putty, - Experience
with SOC automation and workflow products such as IBM Resilient - STIG
Hardening - Experience
in projects involving Pub1075 regulations, implementations and / or audits - Hybrid
Cloud Architecture - Hyperconverged
Infrastructure
|
Required Education/Certifications: - A Bachelor’s degree in
information technology systems, computer science, or related field and two (2) years of experience in information technology systems or related area, an Associate’s degree in information technology systems, computer science, or related field and four (4) years of experience in information technology systems or related area, or a High School diploma and six (6) years of experience in information technology systems or related area.
| Preferred Education/Certifications: .
Preferred Industry Certifications in field. - GCIH,
GCTI, GCCC, GCWN, GSEC, CEH, GCIA, GCFA, GCFE, GREM, CCIM, CFCE, CCE, CIFI, CHFI, CCNA, CCNA Cyber Ops - IBM
Certified Associate Analyst – Security QRadar SIEM
|
| |