Job Description
DPP is seeking a Cyber SOC Security Analyst for an opportunity in Columbia, SC.
Work arrangement:
Remote 75% - must come on-site for one week each quarter.
W2 position; 12+ months with possible extension
Position description:
The Cyber SOC Security Analyst will prevent, detect, investigate, and assist in directing remediation to cyber-attacks and threats against organization enterprise applications, networks, and services by investigating indicators of suspicious and malicious activity, and proactively discovering threats to organization.
Candidates must have at least 7 years of experience in Security with a MINIMUM of 5 years hands on working with a SIEM creating offenses, alerts and grooming logs. Preference is an individual who has experience leading a CSIRT, CERT, SOC or Investigations team. SIEM preference is QRadar or Azure Sentinel.
This position requires previous security operational center experience - monitoring, investigating, alerting, and reporting security threats. It also requires previous experience in developing SOPs and documentation.
This is a technical role, supporting the SOC Security Analysts to find the threat actors attempting to attack the agency’s infrastructure. You will need to be a technical and professional leader, someone who enjoys training and mentoring teammates, and a person who can encourage and elevate the team.
Under general supervision, the Cyber SOC Security Analyst will report directly to a functional manager. The Cyber SOC Security Analyst will be a team member that ensures the stability and integrity of data, and server services through monitoring, maintenance, support, and optimization of all server infrastructure.
The analyst has 24/7 on-call responsibilities shared with the group.
This position can be remote, but the Cyber SOC Security Analyst is required to report on-site for one week each quarter at DPP’s expense.
Technical background required:
Developing offenses and alerts in SIEM and Incident Response tools
Oversight and development of Use Cases, Playbooks/Runbooks, SOP
Impact of their work on improving the security of an organization.
Network vulnerability and compliance scanning
Review and interpretation of the results thereof
Determination of severity and urgency when evaluating risk
Working with system owners to determine if and when corrective action will be taken.
Responsibilities:
Technical:
Proactively search for active intrusions in the Agency environment, recognizing potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
Work closely with escalation points to close out complex investigation
Conducting holistic, investigative analysis and rating the risk associated with observed activity
Review investigation escalations from SOC Analysts to ensure accurate analysis and provide advice/mentorship
Refine and develop dashboards, queries and reports to continuously improve security situational awareness
Maintain SOC documentation, procedures, processes and hardware and software inventory detail
Demonstrate a sound understanding of security technologies and their function within a networked environment
Adhere to corporate information security guidelines and promote information security among coworkers
Develop reports (manual and automated) to support the development, collection, and reporting of Quality Assurance and Performance metrics.
Performs other duties and special projects as assigned.
Non-technical:
Demonstrate highly technical thinking and knowledge, inspire confidence and credibility within a team
Time management on multiple investigations, prioritizing
Appetite to develop an understanding of most investigations, cyber threats and computer forensics
Taking control of high-pressure situations and the attention to detail to precisely find the source
A good team ethos, drive and be a self-starter.
The ability to work unsupervised and under pressure
Excellent verbal and written communication skills
Provide feedback to team regarding product issues, enhancements and new features
Ability to ask pertinent questions of others
Proactively seek to identify, communicate and implement process related improvements
Effectively manage multiple tasks and activities concurrently and able to provide periodic status updates to key stakeholders
Collaborate extensively with peers and management to resolve client issues while actively contributing to a growing knowledge network that improves the effectiveness of our team and the information available to our clients
Prioritize numerous issues of varying severity, and effectively manage the resolution of all issues within accepted service levels. This includes ownership of the data entered into the Helpdesk system and appropriately updating both client and appropriate employees of status of all issues on a timely basis
Good customer skills, be attentive to detail, and responsive to customer tickets
Performs other duties and special projects as assigned
Required knowledge, skills, and abilities:
Currently employed as a SOC 2 or SOC 3 Analyst
Currently using SOAR and SIEM technology
Risk and vulnerability assessments
Incident management
Security Information Event Management (SIEM) tuning of offenses, alerts
Excellent written and verbal communications skills
Threat hunting
Ability to use industry leading security tools
Demonstrate knowledge of information security principles and practices
Knowledge of common risks and threats for networking, database, systems, cloud and web operations
Preferred skills:
IRS Safeguard Computer Security Evaluation Matrix (SCSEM)
Forensics
Experience in projects involving PCI/NIST security implementations and/or audits
Windows Security, including Cloud
Wireshark
SIEM tuning of log sources
SIEM systems development and configuration
Penetration testing
Tenable Security Center Administration
OWASP Top 10 remediation techniques
Required education/certifications:
7 years of experience in security information technology systems or related area, with a minimum of 5 years utilizing SIEM or SOAR technology
Preferred education/certifications:
Preferred Industry Certifications in the field
Cloud certifications
Microsoft certifications, Azure, Security-related
GCIH, GCTI, GCCC, GCWN, GSEC, CEH, GCIA, GCFA, GCFE, GREM, CCIM, CFCE, CCE, CIFI, CHFI, CCNA, CCNA Cyber Ops
IBM Certified Associate Analyst - Security QRadar SIEM
Interested? Learn more:
Click the apply button or contact our recruiter Kyle at (url removed) to learn more about this position (#(phone number removed).
DPP offers a range of compensation and benefits packages to our employees and their eligible dependents. Call today to learn more about working with DPP.
Authorized US Worker - US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor at this time. EOE/AA/V/D
Job Tags
Full time, Remote job,