Security Operation Center (SOC) Analyst II
NES Associates - Colorado Springs, CO
posted 3 days ago
About the position
The SOC Analyst's primary function is to provide comprehensive Computer Network Defense and Response support through 24/7/365 monitoring and analysis of potential threat activity targeting the enterprise. This position will conduct security event monitoring, advanced analytics and response activities in support of the government's mission. This position requires a solid understanding of cyber threats and information security in the domains of TTP's, Threat Actors, Campaigns, and Observables. Additionally, this candidate must be familiar with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management. This position will support activities within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide "day-to-day" support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
Responsibilities
- Must have strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
- Experience and ability to analyze information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents.
- Conduct security event triage, incident investigation, implementing countermeasures, and conducting incident response.
- Must be knowledgeable and have hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems.
- Strong logical/critical thinking abilities, especially analyzing security events (windows event logs, network traffic, IDS events for malicious intent).
- Excellent organizational and attention to details in tracking activities within various Security Operation workflows.
- A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks.
- Conceptual understanding of Windows Active Directory and working knowledge of network communications and routing protocols.
- Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
- Experience with one or more of the following technologies: Network Threat Hunting, Big Data Analytics, Endpoint Threat Detection and Response, SIEM, workflow and ticketing, and Intrusion Detection System.
Requirements
- 5+ years of related experience.
- SAP experience required.
- Bachelor's degree in a related area or equivalent experience (4 years).
- CSSP Analyst - required to Start (CEH, CFR, CCNA Cyber Ops, CySA+, GCIA, GCIH, GIC SP, SCYBER).
- US Citizenship Required.
Benefits
- Medical plan options, some with Health Savings Accounts.
- Dental plan options.
- Vision plan.
- 401(k) plan with company match.
- Full flex work weeks where possible.
- Paid time off plans including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
- Short and long-term disability benefits.
- Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance.
