ECS is seeking a SOC Analyst (Mid) to work in our Windsor Mill, MD office. Iron Vine Security, an ECS Company, is part of a rapidly growing information security and information technology company in Fairfax, VA. We are looking to hire a Mid-Level Cyber Security Analyst to provide a full range of cyber security services on a long-term contract in Baltimore, MD. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance. Position Responsibilities:
- Perform hunting for malicious activity across the network and digital assets
- Respond to computer security incidents and conduct threat analysis
- Identify and act on malicious or anomalous activity
- Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
- Perform detailed investigation and response activities for potential security incidents
- Provide accurate and priority driven analysis on cyber activity/threats
- Perform payload analysis of network packets
- Recommends implementation of countermeasures or mitigating controls
- Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
- Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity
- Mentor junior staff in cybersecurity techniques and processes
- Create and continuously improve standard operating procedures used by the SOC
- Resolve or coordinate the resolution of cyber security events
- Monitor incoming event queues for potential security incidents
- Create, manage, and dispatch incident tickets
- Monitor external event sources for security intelligence and actionable incidents
- Maintain incident logs with relevant activity
- Document investigation results, ensuring relevant details are passed to SOC Lead, Incident Management team and stakeholders
- Participate in root cause analysis or lessons learned sessions
Salary Range: $50,000 - $75,000 General Description of Benefits
- Must have familiarity with US-CERT Federal Incident Notification Guidelines
- 5+ years of Information Technology experience, with at least 2 years of experience in information security working within security operations
- Splunk, Elastic, Snowflake, and Akamai WAF experience preferred
- Working knowledge of CrowdStrike, TrendMicro and McAfee host-based solutions
- Knowledge of log, network, and system forensic investigation techniques
- Significant experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, or intrusion prevention/detection logs
- Significant experience with packet analysis (Wireshark) and malware analysis preferred
- Experience conducting intelligence driven defense utilizing the MITRE ATT&CK framework and Cyber Kill Chain (CKC)
- Diverse knowledge base of operating systems, network protocols, system administration, and security technologies
- Knowledge of TCP/IP Networking and the OSI model
- Experience creating actionable content for a diverse range of commercial security tools and/or SIEM technologies
- Significant experience monitoring threats via SIEM console
- Excellent problem solving, critical thinking, and analytical skills with the ability to de-construct problems
- Strong customer service skills and decision-making skills
- Working knowledge of client infrastructure preferred
Certifications/Licenses: One or more of the following industry standard certifications:
- Bachelor's degree in Computer Science or related field or equivalent work experience
- Certified Information Systems Security Professional or Associate
- Formal IT Security/Network Certification such as SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Network Forensic Analyst (GNFA) or SANS GIAC Certified Incident Handler (GCIH)