Tier 2 SOC Analyst
Organization: Department of Education
Location: Washington, DC
Labor Category: Computer Scientist II
Terms: Full Time Employment
Salary: Based on experience, education and certification
Clearance: Top Secret
Monitor network traffic for security events and perform triage analysis to identify security incidents.
Respond to computer security incidents by collecting, analyzing, preserving digital evidence and ensure that incidents are recorded and tracked in accordance with SOC requirements. Work closely with the other teams to assess risk and provide recommendations for improving our security posture.
- The ability to take lead on incident research when appropriate and be able to mentor junior analysts.
- Experience managing cases with enterprise SIEM systems like Arcsight, Splunk or Sourcefire.
- Working knowledge of any of the following tools is required: McAfee EPO, Symantec Endpoint, RSA | Security Analytics, NIKSUN, Wireshark or other information security tools.
- Conduct research on emerging security threats.
- Provides correlation and trending of cyber incident activity.
- Develops threat trend analysis reports and metrics.
- Supports SOC analysis, handling and response activity.
- Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
- Author Standard Operating Procedures (SOPs) and training documentation when needed. Shift work is required.
- Bachelors or equivalent experience
- 7+ years project related experience
- Deep packet and log analysis
- Some Forensic and Malware Analysis
- Cyber Threat and Intelligence gathering and analysis
Desired Skills and Certifications
- One or more certifications, including but not limited to: GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, CISSP, CCNA (Security), Security + or equivalent.
- 2+ years in an Incident Responder/Handler role
- Ability/experience in training and supervising junior analysts.