Cybersecurity Analyst - SOC
Kforce Inc, Austin, TX, United States
Responsibilities
Kforce is seeking a Early Career to Mid Level Cyber Security Analyst to work on the CISO Security Operations Center team - supporting the rapid threat detection and response mission. This position requires a motivated fast learner, who can work within a security operations function to identify, analyze, and remediate potential threats to the environment. This role is hybrid onsite - 3 days a week. About the Team: The Security Operations Center has a global footprint and is responsible for monitoring 24x7 monitoring and incident response. As a part of this team, you will be working with other likeminded security professionals in order to secure and protect employees, systems and environments against emerging cybersecurity threats.
Drive the global security monitoring and rapid response mission across the team
Detect, respond, mitigate, and report on cyber threats/incidents that may impact the environment
Model effective communication and response to internal stakeholders within your investigations
Improve runbooks, processes and response capabilities
Participate in security incidents and act as the technical Subject Matter Expert during significant security incidents
Collaborate with technical leads: Engineering, Operations, Service Desk, Applications and BISOs on matters related to security monitoring across global footprint
Collaborate and serve as liaison to Managed and/or Unmanaged Security Service providers
Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response
Conduct training and knowledge sharing sessions within the team
Drive rule tuning and detection use cases across our SOC tools
Provide oversight and mentoring to other team members to improve team capabilities
Perform threat hunts that target adversary TTPs across enterprise environments
Requirements
High School diploma or GED
Relevant IT security industry recognized certifications (CYSA+, Sec+, GSOC, BLT2, etc.)
2+ years of information security related experience
Experience with security operations, security engineering, risk management, vulnerability management, threat analysis, security auditing, incident response and other information security practices preferred
Strong knowledge of cloud computing and network protocols
Knowledge of industry information security standards/frameworks (NIST, MITRE, FEDRAMP)
Experience working with SIEM tools and log analysis
Knowledge of EDR tools and endpoint analysis
Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors
Preferred Requirements
Bachelor's degree
Relevant IT security industry recognized certifications (CASP, CISSP, GCIH, GCIA, GMON, OSCP, etc.)
4+ years of information security experience in a security operations or engineering role
Strong understanding of networking protocols and firewall management
Enterprise experience in incident response or security operations environment
Experience with programming or scripting languages
Experience tuning rules within SIEM tools like Qradar
Strong experience with EDR platforms, such as Crowdstrike, Microsoft Defender 365, Uptycs or Carbon Black, conducting analysis as part of investigations
Experience with cloud computing platforms, e.g. IBM Cloud, Amazon Web Services, Azure
Experience with host virtualization platforms, e.g. VMware, Hyper‑V
Experience with application container technologies, e.g. Kubernetes
Purple team experience conducting attacker simulation and adversary emulation
System administration skills for Windows and Linux
Windows, Linux and/or Mac forensics
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
#J-18808-Ljbffr
Drive the global security monitoring and rapid response mission across the team
Detect, respond, mitigate, and report on cyber threats/incidents that may impact the environment
Model effective communication and response to internal stakeholders within your investigations
Improve runbooks, processes and response capabilities
Participate in security incidents and act as the technical Subject Matter Expert during significant security incidents
Collaborate with technical leads: Engineering, Operations, Service Desk, Applications and BISOs on matters related to security monitoring across global footprint
Collaborate and serve as liaison to Managed and/or Unmanaged Security Service providers
Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response
Conduct training and knowledge sharing sessions within the team
Drive rule tuning and detection use cases across our SOC tools
Provide oversight and mentoring to other team members to improve team capabilities
Perform threat hunts that target adversary TTPs across enterprise environments
Requirements
High School diploma or GED
Relevant IT security industry recognized certifications (CYSA+, Sec+, GSOC, BLT2, etc.)
2+ years of information security related experience
Experience with security operations, security engineering, risk management, vulnerability management, threat analysis, security auditing, incident response and other information security practices preferred
Strong knowledge of cloud computing and network protocols
Knowledge of industry information security standards/frameworks (NIST, MITRE, FEDRAMP)
Experience working with SIEM tools and log analysis
Knowledge of EDR tools and endpoint analysis
Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors
Preferred Requirements
Bachelor's degree
Relevant IT security industry recognized certifications (CASP, CISSP, GCIH, GCIA, GMON, OSCP, etc.)
4+ years of information security experience in a security operations or engineering role
Strong understanding of networking protocols and firewall management
Enterprise experience in incident response or security operations environment
Experience with programming or scripting languages
Experience tuning rules within SIEM tools like Qradar
Strong experience with EDR platforms, such as Crowdstrike, Microsoft Defender 365, Uptycs or Carbon Black, conducting analysis as part of investigations
Experience with cloud computing platforms, e.g. IBM Cloud, Amazon Web Services, Azure
Experience with host virtualization platforms, e.g. VMware, Hyper‑V
Experience with application container technologies, e.g. Kubernetes
Purple team experience conducting attacker simulation and adversary emulation
System administration skills for Windows and Linux
Windows, Linux and/or Mac forensics
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
#J-18808-Ljbffr