
SOC Analyst Mid
ECS Limited, Windsor Mill, MD, United States
ECS is seeking a SOC Analyst Mid to work in our Windsor Mill office.
Position Responsibilities:
• Perform hunting for malicious activity across the network and digital assets
• Respond to computer security incidents and conduct threat analysis
• Identify and act on malicious or anomalous activity
• Conduct analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
• Perform detailed investigation and response activities for potential security incidents
• Provide accurate and priority-driven analysis on cyber activity/threats
• Perform payload analysis of network packets
• Recommend implementation of countermeasures or mitigating controls
• Ensure all pertinent information is obtained to allow identification, containment, eradication, and recovery actions to occur in a time-sensitive environment
• Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity
• Mentor junior staff in cybersecurity techniques and processes
• Create and continuously improve standard operating procedures used by the SOC
• Resolve or coordinate the resolution of cyber security events
• Monitor incoming event queues for potential security incidents
• Create, manage, and dispatch incident tickets
• Monitor external event sources for security intelligence and actionable incidents
• Maintain incident logs with relevant activity
• Document investigation results, ensuring relevant details are passed to the SOC Lead, Incident Management team, and stakeholders
• Participate in root cause analysis or lessons learned sessions
Salary Range: $80,000-95,000
General Description of Benefits: Benefits Link
Job Requirements:
• Working knowledge of US-CERT Federal Incident Notification Guidelines
• 4 years of Information Technology experience, with at least 2 years of experience in information security working within security operations
• Working knowledge of Splunk Enterprise, Enterprise Security, and SOAR products
• Working knowledge of CrowdStrike, TrendMicro, and McAfee host-based solutions
• Knowledge of log, network, and system forensic investigation techniques
• Significant experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, or intrusion prevention/detection logs
• Experience conducting intelligence-driven defense utilizing the MITRE ATT&CK framework and Cyber Kill Chain (CKC)
• Diverse knowledge base of operating systems, network protocols, system administration, and security technologies
• Knowledge of TCP/IP networking and the OSI model
• Experience creating actionable content for a diverse range of commercial security tools and/or SIEM technologies
• Significant experience monitoring threats via a SIEM console
• Excellent problem-solving, critical-thinking, and analytical skills, with the ability to deconstruct problems
• Strong customer service and decision-making skills
• Ability to develop working knowledge of client infrastructure
Certifications/Licenses: One or more of the following industry standard certifications:
• Bachelor's degree in Computer Science or related field, or equivalent work experience
• Certified Information Systems Security Professional or Associate
• Formal IT Security/Network Certification such as SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Network Forensic Analyst (GNFA), or SANS GIAC Certified Incident Handler (GCIH)