Security Operations Center (SOC) Tier 2 Analyst

Published
January 9, 2022
Location
San Antonio, TX
Description

As a Security Operations Center (SOC) Tier 2 Analyst, you will analyze and monitor network traffic and provide advanced IT security incident response for a global hybrid environment.

Security Clearance is Required

In this role, you will be responsible for the following:

· Validate and analyze investigations escalated from the Tier 1 Security Operations Center (SOC) Analysts

· Analyze medium- to high-complexity technical and system problems related to security events

· Document each investigation; determine the validity and priority of the activity and escalate to the Cyber Defense Team as needed

· Communicate directly with application owners and business owners during high-severity incidents

· Proactively hunt for suspicious or anomalous activity based on alerts and data outputs from various toolsets and the SIEM platform

· Manage threat feeds and ensure they are received, aggregated, reviewed, ticketed, and acted upon accordingly

· Feed data back to threat feed sources, where appropriate, on new threats found during internal investigations

· Manage the whitelist and blacklist in the SIEM and disseminate changes to the appropriate operators for tool policy or setting updates in security tools

· Stay up to date with current vulnerabilities, attacks, and countermeasures

· Develop solutions and provide recommendations to enhance overall security posture, reduce false positives, and optimize Time to Detection and Time to Remediation metrics

· Provide analysis and trending of security log data from a large number of heterogeneous security devices

· Provide Incident Response (IR) support when analysis confirms an actionable incident

· Provide threat and vulnerability analysis as well as security advisory services

· Analyze and respond to previously undisclosed software and hardware vulnerabilities

· Investigate, document, and report on information security issues and emerging trends

· Coordinate with intelligence analysts on open-source activities impacting SLTT (State, Local, Tribal, and Territorial) governments

· Integrate and share information with other analysts and other teams

· Other duties as assigned

Knowledge, Skills, and Abilities

· Familiarity with various network- and host-based security applications and tools, such as network and host assessment/scanning tools, network- and host-based intrusion detection systems, and other security software packages

· General knowledge of the practices and procedures of operating systems, operating system utilities and subsystems, and/or network technologies

· Knowledge of network security zones, firewalls, and IDS

· Knowledge of log formats for syslog, HTTP logs, and database logs, and how to trace a log record back to the originating event

· Knowledge of packet capture and analysis

· Experience with log management or security information management tools

· Experience with security assessment tools

· Ability to make information security risk determinations

· Knowledge of regular expressions and experience with one or more scripting languages such as Python, Perl, or Ruby

· Familiarity with, and the ability to follow, ITSM, ITIL, and information security best practices

· Candidates must be able to work on-site at a Federal Agency located in the Vienna, VA or San Antonio, TX area

· Authorized to work in the US without sponsorship now or in the future

· Ability to communicate security events, potential impacts, and actions taken to higher-tier resolvers and the management team

Preferred but Not Required Knowledge, Skills, Abilities and Certs

· AWS certifications and/or experience

Certifications and Experience

· Hold at least a US Secret Clearance

· Meets IAT II Certification requirements

· Security+ Certification is required

· Certified and/or trained in one or more security tracks from vendors such as Cisco, Splunk, or Microsoft

· 4+ years of related experience in a Security Operations Center capacity

· Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), Cyber Defense Team (CDT) or a Security Operations Center (SOC)
