EverWatch - Annapolis Junction, MD

posted 5 days ago

Full-time - Mid Level
Annapolis Junction, MD

About the position

The Senior Security Operations Center (SOC) Analyst at EverWatch plays a critical role in safeguarding infrastructure that supports global missions. This position involves improving monitoring strategies, analyzing threats, and leading incident response efforts to defend against cyberspace threats. The analyst will guide the team on best practices, configure defense tools, and provide recommendations to enhance security measures.

Responsibilities

  • Improve monitoring strategies and analyze threats to safeguard infrastructure.
  • Guide the team on best practices and security measures.
  • Configure defense tools and create reports and dashboards.
  • Build custom queries and make recommendations to leadership on best practices.
  • Lead incident response and remedy potential incidents escalated from Tier 1 SOC Analysts.
  • Work with the team to understand, mitigate, and respond to threats quickly.
  • Assess how many systems are affected and assist recovery efforts.
  • Combine threat intelligence, event data, and assessments to identify patterns and provide mitigation techniques.
  • Analyze log data and build and tune detections.

Requirements

  • 6+ years of experience in modeling, cybersecurity, anomaly detection, SOC detection, threat analytics, and incident response.
  • Experience with writing detections within SIEM solutions like Splunk, ArcSight, ElasticSearch, or Azure Sentinel.
  • Experience with IDS/IPS monitoring.
  • Knowledge of Bro or Zeek configurations.
  • Knowledge of OS internals including Windows, Linux, or Mac.
  • Knowledge of common security threats and vulnerabilities.
  • Ability to perform Nessus scans and review results, firewall configurations, and hardening of Linux systems.
  • TS/SCI clearance with a polygraph.
  • Bachelor's degree.
  • IAT Level II Certifications.

Nice-to-haves

  • Experience in creating and debugging Splunk Dashboards and creating Snort rules.
  • Experience with digital forensics, reverse engineering, and penetration testing.
  • Experience with security principles in virtual and hosting software like MISP, HIVE, CORTEX, WikiJS, VPN, and SecurityOnion.
  • Experience leading teams in a technical capacity.
  • Experience with scripting languages like PowerShell or Python to parse logs and automate tasks.
  • Ability to use Splunk for hunting indicators of compromise and reviewing logs.
  • Ability to code or script using any language.
  • Ability to collaborate with internal and external teams including developers, vendors, and project managers.
  • DOD 8570 CSSP Analyst Certification.
  • GCIA, GSLC, GCIH, CISM, CISSP, or CEH Certifications.

Benefits

  • Competitive salaries and benefits packages.