Job Title : SOC Analyst
Location : Ashburn, VA (Remote)
Experience : 2+ Entry Level
Work Authorization : USC, GC and EAD
Job Details :
Supporting the Cyber Defense Operations Center (CDOC) team, provide event triage, response, and log analysis, including :
- Triage events and alerts to determine if an incident has occurred including locating owners of assets, validating if an event was a true positive, and escalating incidents as necessary to the Incident Response team (CSIRT)
- Perform rapid response and triage of security reports from Cybercrime and other teams, appropriately investigating, containing, escalate based on the determination, and ticket closure
- Perform thorough analysis on email phishing reports and threats. Ensure appropriate containment & eradication is performed based on the threat perceived & documented guidance
- Facilitate communication and collaborate with internal teams, management, and external stakeholders to provide timely updates on incident progress
- Perform basic forensic examinations on hosts and support CSIRT on response tasks when engaged
- Create recommendations and requirements for content detection and response
2 Demonstrate solid understanding & experience with security controls / tooling used by CDOC, including :
Splunk and Elasticsearch (SIEM / Logging)Splunk SOAR (Case Management)Endpoint Security : Microsoft Defender for Endpoint, CrowdStrike, Wazuh, & TaniumNetwork Security : Netskope SWG and CASB, Palo Alto IPS, CloudFlare WAF, Extrahop, & NetWitnessIAM : Azure ADIntermediate knowledge of Public Cloud environments to support AWS & GCP threat response3 Strong understanding of networking & a variety of IT systems, apps, & their operational configurations
4 Knowledge of Threat Actor tactics, techniques, and procedures (TTPs), log analysis, network traffic analysis, and analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection / compromise
5 Strong oral & written communication abilities to engage with internal stakeholders within & outside of InfoSec
6 Roles will support 8-hour work shifts (during the day)
7 Roles may require overtime, on-call, & weekend coverage (shift rotation) from time-to-time
Skills :
AWS , INCIDENT RESPONSE , ELASTICSEARCH