Senior SOC Analyst/Lead
ECS Corporate Services

Fairfax, Virginia

Posted in Engineering


Job Info


ECS is seeking a Senior SOC Analyst/Lead to work in our Remote office. Please Note: This position is contingent upon [additional funding].

Job Description:

ECS is seeking a Senior SOC Analyst with demonstrated experience supporting the development of processes, procedures, and automations to rapidly ingest, aggregate, correlate, normalize, and analyze event messages in order to identify and respond to Indicators of Compromise (IoC). The ideal candidate is a critical thinker and perpetual learner who is excited to solve some of our clients' toughest challenges. To be successful, the candidate must have experience working in a mature 24x7x365 Security Operations Center.

Provides subject matter expertise for monitoring and managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the Security Operations Center.

  • Ensures all security incidents are tracked and documented appropriately.
  • Continuously monitors the SIEM and on-premises infrastructure/cloud applications for security events, threats, and intrusions, including:
      • SIEM alert queue
      • Phishing email inbox
      • Intel feeds via email and other sources (e.g., US-CERT, MS-ISAC)
      • Incident ticketing queue (Resilient tickets)
  • Ensures the SOC manager stays informed of any issues or incidents.
  • Coordinates with SOC staff to conduct incident/policy violation investigations, report infractions, eradicate/mitigate/remediate Indications of Compromise (IoC), and perform continuous monitoring functions.
  • Leads root cause analysis and post-mortem dialogue after significant events to capture lessons learned and define process or technology improvements.
  • Owns the successful completion of all daily operational processes and procedures.
  • Develops and maintains standard operating procedures (SOPs), technical playbooks and operational run books to support SOC operations and incident response activities.
  • Conducts follow-up meetings on escalated or noteworthy cases and modifies SOPs and playbooks based on policies, standards, and best practices learned from previous cases.
  • Works in conjunction with SOC and infrastructure management teams to administer and manage the SOC security technologies.
  • Evaluates Common Vulnerabilities and Exposures (CVE) as potential internal/external attack vectors and develops recommendations to eliminate the vulnerability/weakness if present.
  • Works closely with Cyber Threat Intel to provide information on detection patterns for new and upcoming threats.
  • Oversees threat hunting initiatives and reviews hunt reports that are provided by SOC analysts.
  • Provides training and mentorship to SOC analysts to improve their incident handling capabilities.
  • Provides guidance to all internal stakeholders on reporting and visualizations that support SOC goals and objectives to identify and correct gaps.
  • Reconfigures analytic objects (e.g., fields, extractions, tags, event types, lookups, workflow actions, aliases).
  • Develops reports for operational activities to meet SOC and cybersecurity leadership requirements and directives.
  • Provides extensive knowledge of cybersecurity, incident response, and digital forensic analysis, and educates personnel on effective SOC searches, reporting, and visualization development.

Salary Range: $135,000-$150,000

General Description of Benefits

Required Skills:
  • Minimum of 5 years' experience conducting analysis of log data in support of intrusion analysis or information security operations.
  • Excellent written and oral communication skills
  • Ability to interpret complex cybersecurity topics and effectively communicate or present information to various groups of stakeholders (Executives, SOC, etc.)
  • Experience leading and mentoring junior analysts
  • Strong analytical mindset with an open and engaging personality
  • Experience with two or more analysis tools used in a CIRT or similar investigative environment.
  • Ability to build content in a SIEM system.
  • Ability to analyze and triage IoCs.
  • Proven understanding of computer and network fundamentals.
  • Ability to perform in-depth research tasks and produce written summaries to include insights and predictions based on an analytical process.
  • Knowledge of current cyber threats, trends, attack lifecycle, and various Tactics, Techniques, and Procedures (TTPs).

Desired Skills:
  • Experience collecting, analyzing, and categorizing threat intelligence data from multiple sources to author actionable intelligence reports.
  • Deep understanding of computer architecture, operating systems, vulnerabilities, encryption, or other advanced areas of expertise.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
