ECS is seeking a SOC Analyst Mid to work in our Windsor Mill office.
Position Responsibilities:
- Perform hunting for malicious activity across the network and digital assets
- Respond to computer security incidents and conduct threat analysis
- Identify and act on malicious or anomalous activity
- Conduct analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
- Perform detailed investigation and response activities for potential security incidents
- Provide accurate and priority-driven analysis of cyber activity and threats
- Perform payload analysis of network packets
- Recommend implementation of countermeasures or mitigating controls
- Ensure all pertinent information is obtained to allow identification, containment, eradication, and recovery actions to occur in a time-sensitive environment
- Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity
- Mentor junior staff in cybersecurity techniques and processes
- Create and continuously improve standard operating procedures used by the SOC
- Resolve or coordinate the resolution of cybersecurity events
- Monitor incoming event queues for potential security incidents
- Create, manage, and dispatch incident tickets
- Monitor external event sources for security intelligence and actionable incidents
- Maintain incident logs with relevant activity
- Document investigation results, ensuring relevant details are passed to the SOC Lead, the Incident Management team, and stakeholders
- Participate in root cause analysis and lessons-learned sessions
Salary Range: $69,099.00 - $84,454.00
Job Requirements:
- Working knowledge of the US-CERT Federal Incident Notification Guidelines
- 4 years of Information Technology experience, with at least 2 years of experience in information security working within security operations
- Working knowledge of Splunk Enterprise, Enterprise Security, and SOAR products
- Working knowledge of CrowdStrike, TrendMicro, and McAfee host-based solutions
- Knowledge of log, network, and system forensic investigation techniques
- Significant experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, and intrusion prevention/detection logs
- Experience conducting intelligence-driven defense using the MITRE ATT&CK framework and the Cyber Kill Chain (CKC)
- Diverse knowledge base of operating systems, network protocols, system administration, and security technologies
- Knowledge of TCP/IP networking and the OSI model
- Experience creating actionable content for a diverse range of commercial security tools and/or SIEM technologies
- Significant experience monitoring threats via a SIEM console
- Excellent problem-solving, critical-thinking, and analytical skills with the ability to deconstruct problems
- Strong customer service and decision-making skills
- Ability to develop working knowledge of client infrastructure
Certifications/Licenses: One or more of the following industry-standard certifications:
- Bachelor's degree in Computer Science or a related field, or equivalent work experience
- Certified Information Systems Security Professional (CISSP) or Associate
- Formal IT Security/Network certification such as SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Network Forensic Analyst (GNFA), or SANS GIAC Certified Incident Handler (GCIH)