CSOC-Tier 2 Analyst - Night Shift
Days off: Thursday-Friday
Hours: 11:00 pm-8:00am This is a hybrid role so some onsite work Key Responsibilities:
• Identification of Cybersecurity problems which may require mitigating controls
• Analyze network traffic to identify exploit or intrusion related attempts
• Recommend detection mechanisms for exploit and or intrusion related attempts
• Provide subject matter expertise on network based attacks, network traffic analysis, and intrusion methodologies
• Escalate items which require further investigation to other members of the Threat Management team
• Execute operational processes in support of response efforts to identified security incidents Job responsibilities will include:
• Participates in a team of Security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc. to identify the responsible, determine remediation, and recommend security improvements
• Follows precise analytical paths to determine the nature and extent of problems being reported by tools, e-mails, etc
• Follows strict guidance on reporting requirements
• Keeps management informed with precise, unvarnished information about security posture and events
• Promotes standards-based workflow both internally and in coordinating with US-CERT
• Engages with other internal and external parties to get and share information to improve processes and security posture
• Guide team efforts
• Communicates to CISO leadership
• Leads analyzing/investigating reports or anomalies Requirements:
• Preferred 3 years IT security experience
• Preferred 2 years’ experience in network traffic analysis
• Strong working knowledge of:
• TCP/IP Fundamentals
• Network Level Exploits
• Excellent oral and written communication skills
• Excellent interpersonal and organizational skills
• Strong understanding of IDS/IPS technologies, trends, vendors, processes and methodologies
• Strong understanding of common IDS/IPS architectures and implementations
• Strong understanding of IDS/IPS signatures, content creation and signature characteristics including both signature and anomaly-based analysis and detection Desired Skills:
• Splunk experience, developing queries
• Cloud monitoring experience is a plus
• Excellent writing skills EXPERIENCE LEVEL:
•3-5 years of related experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC). EDUCATION:
Bachelors Degree in Computer Science, Information Technology or Information Security preferred or a technically related field OR equivalent related work experience CERTIFICATIONS: (One or more desired)
CompTIA Security
CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker
GCIH - (GIAC Certified Incident Handler) or ECIH - (EC-Council Certified Incident Handler)
CISA - Certified Information Systems Auditor Additional Provisions: • Must be able to obtain a Position of Public Trust Clearance
• Pass both a client mandated clearance process to include drug screening, criminal history check and credit check.
• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
• All candidates must be a US Citizen, or have permanent residence status (Green Card).
• Candidate must have lived in the United States for the past 5 years.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)
• The enforced dress code is business casual, i.e. collared shirt with slacks for men, no skirts above the knee for women.