Unclassified - Colorado Springs, CO

posted 4 months ago

Full-time - Senior
Remote - Colorado Springs, CO
10,001+ employees

About the position

The Security Operations Center (SOC) Analyst Lead plays a crucial role in developing, implementing, and evaluating the SOC team's capabilities to provide comprehensive Computer Network Defense and Response support. This position is responsible for 24/7 monitoring and analysis of potential threat activities targeting the enterprise. The SOC Analyst Lead will lead a team that monitors the organization's network and devices for security breaches, maintains software such as log management, researches the latest security trends, conducts security assessments, and performs compliance reviews of SOC operations. Additionally, this role assists with the maintenance of Security Policy and Procedures and provides training for all SOC personnel.

A solid understanding of cyber threats and information security is essential, particularly in the domains of Tactics, Techniques, and Procedures (TTPs), Threat Actors, Campaigns, and Observables. The candidate must be familiar with intrusion detection systems, intrusion analysis, security information and event management platforms, endpoint threat detection tools, and security operations ticket management.

The SOC Analyst Lead will support activities within Special Access Programs (SAPs) for Department of Defense (DoD) agencies, including HQ Air Force and the Office of the Secretary of Defense (OSD). This position will provide day-to-day support for Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) activities.

Performance expectations include strong analytical and technical skills in computer network defense operations, leading efforts in incident handling (detection, analysis, triage), hunting (anomalous pattern detection and content management), and malware analysis. The SOC Analyst Lead will analyze information technology security events to discern legitimate security incidents from non-incidents, conduct incident investigations, implement countermeasures, and manage incident responses.

Knowledge and hands-on experience with Security Information and Event Management (SIEM) platforms and log management systems are critical, as is the ability to analyze security events across various operating systems and network protocols. The role also involves preparing and maintaining security documentation, developing SOC processes and procedures, and effectively communicating business risks associated with cybersecurity issues.

Responsibilities

  • Lead the SOC team in monitoring the organization's network and devices for security breaches.
  • Develop, implement, and evaluate SOC capabilities for Computer Network Defense and Response support.
  • Conduct security assessments and compliance reviews of SOC operations.
  • Assist with the maintenance of Security Policy and Procedures and provide training for SOC personnel.
  • Analyze information technology security events to identify legitimate security incidents.
  • Implement countermeasures and conduct incident response activities.
  • Support activities within Special Access Programs (SAPs) for DoD agencies.
  • Prepare and maintain security documentation, including incident response plans and risk assessments.
  • Develop and implement SOC processes and procedures.
  • Communicate business risks associated with cybersecurity issues effectively.

Requirements

  • 8+ years of related experience in cybersecurity and incident handling.
  • Strong analytical and technical skills in computer network defense operations.
  • Extensive hands-on experience with SIEM platforms and log management systems.
  • Knowledge of intrusion detection systems and security information event management platforms.
  • Experience with incident investigation and implementing countermeasures.
  • Familiarity with various operating systems (Windows, OS X, Linux) and network protocols (TCP, UDP, ICMP, etc.).
  • Ability to develop rules, filters, and operationally relevant applications to support analysis and detection efforts.
  • Knowledge of common attack methodologies and emerging threats.

Nice-to-haves

  • Experience with Network Threat Hunting and Big Data Analytics.
  • Familiarity with cloud technology and content filtering/firewall technology.
  • Experience in analyzing NetFlow data and packet capture (PCAP).
  • Knowledge of digital forensics tools in an enterprise environment.

Benefits

  • Medical plan options, including Health Savings Accounts.
  • Dental plan options.
  • Vision plan.
  • 401(k) plan with company match.
  • Flexible work weeks and various paid time off plans.
  • Short and long-term disability benefits.
  • Life and accidental death insurance.
  • Paid parental, military, bereavement, and jury duty leave.