Journeyman SOC Analyst (Q Clearance)
ShorePoint, LLC · North Las Vegas, NV · 2 mo ago
Information Technology$83k–$137k/yrFull-time
About the role
We are seeking a Journeyman SOC Analyst (Q Clearance) for a potential opportunity to provide advanced monitoring, triage and response within a 24/7 Security Operations Center (SOC) environment.
Responsibilities
- Monitor client sources of potential security incidents, health alerts with monitored solutions and requests for information.
- Follow client and incident-specific procedures to perform triage of potential security incidents to validate and determine needed mitigation.
- Escalate potential security incidents to client personnel, implement countermeasures in response to others and recommend operational improvements.
- Keep accurate incident notes in the case management system.
- Maintain awareness of the client’s technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by client threat intelligence and recent security incidents.
- Provide advanced analysis of the results of the monitoring solutions, assess escalated outputs and alerts from Level 1 Analysts.
- Perform web hunting for new patterns/activities.
- Advise on content development and testing.
- Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity.
- Ensure that all identified events are promptly validated and thoroughly investigated.
- Provide end-to-end event analysis, incident detection and manage escalations using documented procedures.
- Devise and document new procedures and runbooks/playbooks as directed.
- Maintain monthly Service Level Agreements (SLAs).
- Maintain compliance with processes, runbooks, templates and procedures-based experience and best practices.
- Assist the Cyber Hunting team with advanced investigations as needed.
- Provide malware analysis (executables, scripts, documents) to determine indicators of compromise and create signatures for future detection of similar samples.
- Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
- Perform peer reviews and consultations with Level 1 Analysts regarding potential security incidents.
- Serve as a subject matter expert in at least one security-related area (e.g., specific malware solution, Python programming, etc.).
- Provide shift status and metric reporting as well as support weekly operations calls.
Requirements
- Strong understanding of SOC operations, incident response workflows and monitoring tools.
- Experience with malware behavior analysis and identification of indicators of compromise.
- Familiarity with APT tactics, techniques and procedures.
- Knowledge of security technologies such as SIEM, EDR, IDS/IPS and WAF.
- Understanding of networking fundamentals, protocols (TCP/IP, DNS, HTTP) and infrastructure devices.
- Awareness of security architecture principles and common defensive tools.
Qualifications
- Bachelor’s degree.
- 2+ years of working in a SOC or similar security operations environment, including 1+ years of experience in security technologies such:
- Security Information and Event Management (SIEM).
- IDS/IPS, DLP, Endpoint Detection and Response (EDR).
- Web Application Firewall (WAF), anti-virus and sandboxing solutions.
Skills
- (ISC)2 Certified Information Security Professional (CISSP)
- Giac Certified Intrusion Analyst (GCIA)
- Giac Continuous Monitoring (GMON)
- Certified Ethical Hacker (CEH) or equivalent.
Benefits
- 18 days of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.
Pay
$101,213 per year
Schedule
Rotating shifts for 24/7 support of clients.