Senior SOC Analyst- (Tier 3) - (TS Cleared)

09 Nov 2024

Vacancy expired!

Job Description

MindPoint Group is seeking a Senior SOC Analyst. The Security Operations Center (SOC) Senior Analyst will collaborate with members of the SOC team to develop innovative and effective procedures for the SOC to enhance coordination and incident response operations. Train staff on SOC concept of operations and develop incident management teams.

Additionally, Senior Analyst candidates must be willing to work in a 24x7x365 SOC environment, demonstrate intuitive problem-solving skills, and allow for flexible scheduling. Monitor network traffic for security events and perform triage analysis to identify security incidents. Respond to computer security incidents by collecting, analyzing, and preserving digital evidence, and ensure that incidents are recorded and tracked in accordance with SOC requirements. Work closely with the other teams to assess risk and provide recommendations for improving our security posture.

Job Duties:

  • This position will have core business hours with limited/occasional on-call support
  • Utilize state-of-the-art technologies such as host forensics tools (FTK/EnCase), Endpoint Detection & Response tools, log analysis (Splunk), and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data
  • Conduct malware analysis, host and network forensics, log analysis, and triage in support of incident response
  • Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response
  • Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
  • Lead Incident Response activities and mentor junior staff
  • Work with key stakeholders to implement remediation plans in response to incidents
  • Effectively investigate and identify root-cause findings, then communicate findings to stakeholders, including technical staff and leadership
  • Author Standard Operating Procedures (SOPs) and training documentation when needed
  • Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty

Qualifications

  • Active Top Secret required with SCI eligibility
  • Able to work normal business hours (core) and occasional/limited on-call hours as requested by the client
  • 5 (+) years in an Incident Responder/Handler role
  • Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2. The ability to take lead on incident research when appropriate and be able to mentor junior analysts
  • Advanced knowledge of TCP/IP protocols
  • Knowledge of Windows, Linux operating systems
  • Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or ArcSight experience
  • Deep packet and log analysis
  • Some Forensic and Malware Analysis
  • Cyber Threat and Intelligence gathering and analysis
  • Bachelor’s degree or equivalent experience
  • Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred

Desirable certifications include, but are not limited to:

  • GCIH, GCIA, GCFE, GREM, GCFA, GSEC
  • Security+
  • CEH, CISSP, CCNA (Security), or equivalent certifications
  • CySA+

Additional Information

  • All offers are contingent upon proof of full vaccination against COVID-19 or successful accommodation for an exemption.
  • All your information will be kept confidential according to EEO guidelines.
  • MindPoint is committed to maintaining a diverse environment. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.