We are looking for smart, creative individuals interested in helping grow something truly unique in our markets. Out Company is seeking multiple Incident Response/ Tier 2 SOC Analysts to join our rapidly growing team in Washington DC in a fully remote role. Candidates will be required to work the following shift: Mon - Fri. (8am - 5pm) Position Description: As an Incident Response/ Tier 2 SOC Analyst you along with the Incident Response team will be responsible for manning a 24x7x365 coordination center and responding to escalated alerts, notification, communications and providing incident response activities such as tracking the incident, communication with stakeholders, remediation and recovery actions and reporting. As trouble tickets or help desk alerts are generated by Tier 1 analysts, Tier 2 leverages security controls, policies, and intelligence (indicators of compromise (IOC), rules, and procedures) to determine the scope and origin of the attack. Tier 2 focuses on mitigation, recovery, and remediation once an attack has occurred. Ensure reports are properly entered into the incident tracking system and will coordinate with the reporting entity to gain full understanding of the event and details. Expected to have knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, common threat vectors and be able to comprehend reports and determine what additional action and response activities may be required to resolve an incident. Follow established SOP’s, policies and other procedures for escalation and notification of Federal Leadership and reporting. The ideal candidate must have a strong understanding of Splunk SIEM and supporting forensic tools. The ideal candidate will Support/develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations
Lead and/or actively participate in security related meetings and discussions with the client
Perform incident response analysis based on investigation requirements
Participate in the remediation of incidents and responses that are generated from live threats against the enterprise
Record and report all incidents per Federal and department policy
Create and track network incidents and investigations through closure
Serve as key personnel for Incident Management; provide coordination, task assignment and process guidance for incident response event
Monitor and investigate security events received through the SIEM or other security tools
Carry out Level 2 triage of incoming Incidents (initial IR assessment of the priority of the event, initial determination of incident nature to determine risk and damage, or appropriate routing of security or privacy data request)
Manage assigned investigations to ensure they are being actively worked on and assist Tier 1 analysts as needed to resolve investigations
Review, revise and recommend technical, process, and physical controls
Develop and implement defensive cyber best practice tactics, techniques, and procedures Required Qualifications 5 years of relevant work experience or a bachelor’s degree with 2 years of relevant experience
US Citizen and must be able to pass a background investigation (up to Top Secret)
MUST HAVE one of the following ACTIVE certifications: CISSP, GCIH, or CASP
Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.
Demonstrate proficiency in the Incident Response Process and SOC operations, and good understanding in threat hunting
Good understanding of system log information and where to collect specific data/attributes as required for the Incident Event
Operational understanding of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems’ operations
Experience performing log analysis and reporting
Experience creating and tracking investigations to resolution
Experience with Endpoint security solutions, including but not limited to: Windows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools
Understanding of compliance or regulatory frameworks (i.e., FISMA, NIST, ISO)
Solid understanding of the application, authentication, network security principles and operating system hardening techniques
General knowledge of cyber-attack frameworks (MITRE ATT&CK and Lockheed Cyber Kill Chain)
Understanding of Computer Network Defense (CND) policies, procedures, and regulations
SIEM monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms
Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies
Ability to work independently to address and resolve a security incident with minimal supervision
Must be willing to work from the client site (Washington DC) Clearance Public Trust or equivalent clearance desired. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. COVID-19 Vaccine Mandate Candidates must have received or be willing to receive the COVID-19 vaccination to be considered. Proof of vaccination is required. Medical and/or religious exemption requests will be considered. We will decide on your request for reasonable accommodation on a case-by-case basis.