Scope of the
specific Statement of Work is for a Cyber SOC Lead Analyst to prevent,
detect, investigate, and assist in directing remediation to cyber-attacks and
threats against organization enterprise applications, networks, and services
by investigating indicators of suspicious and malicious activity, and
proactively discovering threats to organization. Individual must have 3
– 7 years’ experience as part of or ideally leading a CSIRT, CERT, SOC or
Investigations team, including extensive SIEM experience. Preference is
position requires previous security operational center experience –
monitoring, investigating, alerting, and reporting security threats. It
also requires previous experience in developing SOPs and documentation to
help implement ITIL best practices and the NIST 800-53 framework.
will be required to explain previous experience in the following:
Oversight and development of Use Cases, Playbooks/Runbooks, SOP.
Network vulnerability and compliance scanning
Review and interpretation of the results thereof
Determination of severity and urgency when evaluating risk
Working with system owners to determine if and when corrective action will be
You will have a technical lead role, supporting the SOC I
Analysts to find the threat actors attempting to attack SCDOR
infrastructure. You will need to be a technical and professional
leader, someone who enjoys training and mentoring teammates, and a person who
can encourage and elevate the team.
Daily Duties /
SOC Lead Analyst will ensure the effective operations of the SOC through the
- Proactively search for active intrusions in
the SCDOR environment, recognizing potential, successful, and
unsuccessful intrusion attempts and compromises thorough reviews and
analyses of relevant event detail and summary information
- Work closely with escalation points to close
out complex investigation
- Conducting holistic, investigative analysis
and rating the risk associated with observed activity
- Review investigation escalations from SOC
Analysts to ensure accurate analysis and provide advice/mentorship
- Refine and develop dashboards, queries and
reports to continuously improve security situational awareness
- Maintain SOC documentation, procedures,
processes and hardware and software inventory detail
- Demonstrate a sound understanding of security
technologies and their function within a networked environment
- Adhere to corporate information security
guidelines and promote information security among coworkers
- Develop reports (manual and
automated) to support the development, collection, and reporting of
Quality Assurance and Performance metrics.
- Performs other duties and special projects as
- To demonstrate highly technical
thinking and knowledge, inspire confidence and credibility within a team
- Time management on multiple
- Appetite to develop an understanding
of most investigations, cyber threats and computer forensics.
- Taking control of high pressure
situations and the attention to detail to precisely find the source
- A good team ethos and drive and be a self-starter.
- The ability to work unsupervised and
- Excellent verbal and written
feedback to team regarding product issues, enhancements and new
to ask pertinent questions of others.
seek to identify, communicate and implement process related
manage multiple tasks and activities concurrently and able to
provide periodic status updates to key stakeholders
extensively with peers and management to resolve client issues while
actively contributing to a growing knowledge network that improves the
effectiveness of our team and the information available to our clients.
numerous issues of varying severity, and effectively manage the
resolution of all issues within accepted service levels. This includes
ownership of the data entered into the Helpdesk system and appropriately
updating both client and appropriate employees of status of all issues
on a timely basis.
customer skills, be attentive to detail, and responsive to customer
other duties and special projects as assigned.
Required Skills (rank in order of
sound knowledge of IT security procedures, common attack types and
detection / prevention methods.
experience of analyzing and interpreting system, security and
application logs in order to diagnose faults and spot abnormal behaviors
understanding of application protocols (HTTP, DNS, FTP, etc.) and
networking protocols (TCP, UDP, ARP)
depth experience of other common devices, such as routers, switches,
problems escalated from Tier I.
existing Use Cases/Playbooks, creating new Use Cases/Playbooks,
and Create workflows in Incident Management Tools
(rank in order of Importance):
of technical and security domains fundamental to Investigation and
in setting up, improving a SOC or experience implementing SOC reporting and
of maintaining a secure enterprise network through configuring and
managing typical Security Enforcing Devices, such as Firewalls, Proxies,
IDS/IPS devices, HIDS/EPO.
with Palo Alto, Active Directory, VmWare, QRadar, PCap, Putty,
with SOC automation and workflow products such as IBM Resilient
in projects involving Pub1075 regulations, implementations and / or
- A Bachelor’s degree in
information technology systems, computer science, or related field and
two (2) years of experience in information technology systems or related
area, an Associate’s degree in information technology systems, computer
science, or related field and four (4) years of experience in
information technology systems or related area, or a High School diploma
and six (6) years of experience in information technology systems or
Preferred Industry Certifications in field.
GCTI, GCCC, GCWN, GSEC, CEH,
GCIA, GCFA, GCFE, GREM, CCIM, CFCE, CCE, CIFI, CHFI, CCNA, CCNA Cyber
Certified Associate Analyst – Security QRadar SIEM