SOC Job

This is for a SOC Level III position.  Please email resumes to info@eits.com

Scope of the
project:

This
specific Statement of Work is for a Cyber SOC Lead Analyst to prevent,
detect, investigate, and assist in directing remediation to cyber-attacks and
threats against organization enterprise applications, networks, and services
by investigating indicators of suspicious and malicious activity, and
proactively discovering threats to organization.  Individual must have 3
– 7 years’ experience as part of or ideally leading a CSIRT, CERT, SOC or
Investigations team, including extensive SIEM experience.  Preference is
QRadar.

This
position requires previous security operational center experience –
monitoring, investigating, alerting, and reporting security threats.  It
also requires previous experience in developing SOPs and documentation to
help implement ITIL best practices and the NIST 800-53 framework. 

Candidate
will be required to explain previous experience in the following:

–          
Oversight and development of Use Cases, Playbooks/Runbooks, SOP.

–          
Network vulnerability and compliance scanning

–         
Review and interpretation of  the results thereof

–          
Determination of severity and urgency when evaluating risk

–          
Working with system owners to determine if and when corrective action will be
taken.

You will have a technical lead role, supporting the SOC I
Analysts to find the threat actors attempting to attack SCDOR
infrastructure.  You will need to be a technical and professional
leader, someone who enjoys training and mentoring teammates, and a person who
can encourage and elevate the team.

Daily Duties /
Responsibilities:

The Cyber
SOC Lead Analyst will ensure the effective operations of the SOC through the
following:

Technical        

  • Proactively search for active intrusions in
    the SCDOR environment, recognizing potential, successful, and
    unsuccessful intrusion attempts and compromises thorough reviews and
    analyses of relevant event detail and summary information
  • Work closely with escalation points to close
    out complex investigation
  • Conducting holistic, investigative analysis
    and rating the risk associated with observed activity
  • Review investigation escalations from SOC
    Analysts to ensure accurate analysis and provide advice/mentorship
  • Refine and develop dashboards, queries and
    reports to continuously improve security situational awareness
  • Maintain SOC documentation, procedures,
    processes and hardware and software inventory detail
  • Demonstrate a sound understanding of security
    technologies and their function within a networked environment
  • Adhere to corporate information security
    guidelines and promote information security among coworkers
  • Develop reports (manual and
    automated) to support the development, collection, and reporting of
    Quality Assurance and Performance metrics.
              
  • Performs other duties and special projects as
    assigned.

Non-Technical            

  • To demonstrate highly technical
    thinking and knowledge, inspire confidence and credibility within a team
  • Time management on multiple
    investigations, prioritizing 
  • Appetite to develop an understanding
    of most investigations, cyber threats and computer forensics.
  • Taking control of high pressure
    situations and the attention to detail to precisely find the source
  • A good team ethos and drive and be a self-starter.
  • The ability to work unsupervised and
    under pressure
  • Excellent verbal and written
    communication skills
  • Provide
    feedback to team regarding product issues, enhancements and new
    features.       
  • Ability
    to ask pertinent questions of others.  
  • Proactively
    seek to identify, communicate and implement process related
    improvements.
  • Effectively
    manage multiple tasks and activities concurrently and able to
    provide  periodic status updates to key stakeholders
  • Collaborate
    extensively with peers and management to resolve client issues while
    actively contributing to a growing knowledge network that improves the
    effectiveness of our team and the information available to our clients.
  • Prioritize
    numerous issues of varying severity, and effectively manage the
    resolution of all issues within accepted service levels. This includes
    ownership of the data entered into the Helpdesk system and appropriately
    updating both client and appropriate employees of status of all issues
    on a timely basis.
  • Good
    customer skills, be attentive to detail, and responsive to customer
    tickets               
  • Performs
    other duties and special projects as assigned.

 

Required Skills (rank in order of
Importance):

 

  • A
    sound knowledge of IT security procedures, common attack types and
    detection / prevention methods.
  • Demonstrable
    experience of analyzing and interpreting system, security and
    application logs in order to diagnose faults and spot abnormal behaviors
  • Good
    understanding of application protocols (HTTP, DNS, FTP, etc.) and
    networking protocols (TCP, UDP, ARP)
  • In
    depth experience of other common devices, such as routers, switches,
    hubs
  • Investigate
    problems escalated from Tier I.
  • Refine
    existing Use Cases/Playbooks, creating new Use Cases/Playbooks,
  • Refine
    and Create workflows in Incident Management Tools
  • Organizational
    Skills
  • Verbal
    Communication Skills
  • Written
    Communication Skills

Preferred Skills
(rank in order of Importance):

 

  • Java,
    Python, PowerShell
  • Understanding
    of technical and security domains fundamental to Investigation and
    Incident Response.
  • Experience
    in setting up, improving a SOC or
    experience implementing SOC reporting and
    governance
  • Experience
    of maintaining a secure enterprise network through configuring and
    managing typical Security Enforcing Devices, such as Firewalls, Proxies,
    IDS/IPS devices, HIDS/EPO.
  • Experience
    with Palo Alto, Active Directory,
    VmWare, QRadar, PCap, Putty,
  • Experience
    with SOC automation and workflow products such as IBM Resilient
  • STIG
    Hardening
  • Experience
    in projects involving Pub1075 regulations, implementations and / or
    audits
  • Hybrid
    Cloud Architecture
  • Hyperconverged
    Infrastructure

 

Required Education/Certifications:

 

  • A Bachelor’s degree in
    information technology systems, computer science, or related field and
    two (2) years of experience in information technology systems or related
    area, an Associate’s degree in information technology systems, computer
    science, or related field and four (4) years of experience in
    information technology systems or related area, or a High School diploma
    and six (6) years of experience in information technology systems or
    related area.   

 

Preferred
Education/Certifications:


Preferred Industry Certifications in field.   

  • GCIH,
    GCTI, GCCC, GCWN, GSEC
    , CEH,
    GCIA, GCFA, GCFE, GREM, CCIM, CFCE, CCE, CIFI, CHFI, CCNA, CCNA Cyber
    Ops
  • IBM
    Certified Associate Analyst – Security QRadar SIEM

 

 

 

 

Contact our sales team to learn more about Guardicore Centra Security features.