Job Description

Everforth ECS is seeking a SR SOC Analyst to join our team in Windsor Mill, MD office.

Availability to work 2 weeks in office/2 weeks remote, W-Sat, 12P-10P. Saturday is always remote.

Position Responsibilities:

• Perform hunting for malicious activity across the network and digital assets

• Respond to computer security incidents and conduct threat analysis

• Identify and act on malicious or anomalous activity

• Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network

• Perform detailed investigation and response activities for potential security incidents

• Provide accurate and priority driven analysis on cyber activity/threats

• Perform payload analysis of packets

• Recommends implementation of countermeasures or mitigating controls

• Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment

• Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity

• Develop innovative monitoring and detection solutions using client tools and other skillsets such as scripting and content development

• Mentor junior staff in cybersecurity techniques and processes

• Create and continuously improve standard operating procedures used by the SOC

• Resolve or coordinate the resolution of cyber security events

• Monitor incoming event queues for potential security incidents

• Create, manage, and dispatch incident tickets

• Monitor external event sources for security intelligence and actionable incidents

• Maintain incident logs with relevant activity

• Document investigation results, ensuring relevant details are passed to SOC Lead, Incident Management team and stakeholders

• Participate in root cause analysis or lessons learned sessions

Qualifications

Job Requirements:

• In-depth knowledge of the US-CERT Federal Incident Notification Guidelines

• 6 years of Information Technology experience, with at least 4 years of experience in information security working within security operations

• Strong knowledge of Splunk Enterprise, Enterprise Security, and SOAR products

• Strong knowledge of CrowdStrike, TrendMicro and McAfee host-based solutions

• Career proven knowledge of log, network, and system forensic investigation techniques

• Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs

• Significant experience with packet analysis (Wireshark) and Malware analysis preferred

• Intelligence driven defense utilizing the MITRE ATT&CK framework and Cyber Kill Chain (CKC)

• Knowledge of diverse operating systems, networking protocols, systems administration and security technologies

• Knowledge of TCP/IP Networking and knowledge of the OSI model

• Experience creating actionable content for a diverse range of commercial security tools and/or SIEM technologies

• Significant experience monitoring threats via a SIEM console

• Excellent problem solving, critical thinking, and analytical skills with the ability to de-construct problems

• Strong customer service skills and decision-making skills

• Ability to develop strong knowledge ofclient infrastructure