Summary: The Senior SOC Analyst role involves providing expert technical support in Incident Response, Network Defense, and SIEM content creation, with a focus on cyber threats and information security. The position is based in Washington DC with a hybrid working arrangement, requiring one day a week on-site. Candidates should have extensive experience in incident response and security monitoring, along with relevant certifications. The role emphasizes strong analytical skills and the ability to manage complex data sets effectively.
Key Responsibilities:
- Provide expert technical support in Incident Response, Network Defense, and SIEM content creation.
- Analyze and respond to cyber threats and incidents, ensuring the confidentiality, integrity, and availability of data.
- Create custom content for security monitoring and detection efforts.
- Train junior and mid-level cyber workforce members.
- Utilize various tools for data collection, reporting, and analysis of security incidents.
Key Skills:
- A minimum of seven years of professional experience in incident response and information security.
- Hands-on experience with security monitoring tools and SIEM platforms.
- Relevant certifications such as GCIA, GCIH, or CISSP.
- Strong documentation and technical report writing skills.
- Proficiency in coding and scripting languages.
Salary (Rate): undetermined
City: Washington DC
Country: United States
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Senior SOC Analyst
Public Trust
Washington DC / Hybrid - 1 day a week on-site; fully remote is possible with a waiver
The Senior Analyst will provide expert technical support in the areas of Incident Response (IR), Network Defense, and SIEM content creation. Additionally, the ideal candidate will be an expert in cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables.
REQUIRED Qualifications:
A minimum of seven (7) years of professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats and information security.
A minimum of five (5) years of hands-on experience, including experience within the last two (2) years in host-based and network-based security monitoring and in identifying and analyzing anomalous activity, with familiarity in host-based tools, intrusion detection systems, intrusion analysis functions, security information and event management (SIEM) platforms, endpoint threat detection tools, and ticket management in a SOC Operations environment.
One or more of the following certifications: GCIA, GCIH, GCFA, GCED, or another Information Assurance Technician (IAT) Level III certification (CASP+ CE, CCNP Security, CISA, CCSP), as well as an active CISSP or the ability to obtain one within six (6) months of hire.
Demonstrated understanding of incident response, insider threats, forensics, cyber threats and information security.
Prior experience with Splunk as a Security Information and Event Management (SIEM) platform and log management system.
Experience creating custom content such as rules, filters, signatures, countermeasures and operationally relevant scripts to support analysis and detection efforts. Strong knowledge of SPL (Splunk Search Processing Language) is preferred.
Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to contain and mitigate threats to maintain the confidentiality, integrity, and availability of protected data.
Ability and experience in extracting and managing large, complex data sets.
Strong documentation and written communication skills with technical report writing experience.
Experience delivering ad-hoc training to junior, mid-level, or senior members of a cyber workforce.
Existing Subject Matter Expertise (SME) of Advanced Persistent Threat (APT) or emerging threats.
Proficiency in utilizing various packet capture (PCAP) applications/engines and in analysis of PCAP and NetFlow data.
Experience with static and dynamic malware analysis, including reverse engineering of binaries.
Familiarity with coding, scripting languages (BASH, PowerShell, Python, etc.), or with software development frameworks such as .NET.