Tier II SOC Analyst
Company: Marathon TS
Location: Remote
Posted on: January 24, 2023
Job Description:
Marathon TS is searching for a Tier 2 SOC Analyst. As a Tier 2
SOC Analyst, you and your team will be responsible for manning a 24x7x365
coordination center and responding to escalated alerts,
notifications and communications, and for providing incident response
activities such as tracking the incident, communicating with
stakeholders, remediation and recovery actions, and reporting. As
trouble tickets or help desk alerts are generated by Tier 1 analysts,
Tier 2 leverages security controls, policies, and intelligence
(indicators of compromise (IOCs), rules, and procedures) to
determine the scope and origin of the attack. Tier 2 focuses on
mitigation, recovery, and remediation once an attack has
occurred.
Responsibilities:
- Perform incident response analysis uncovering attack vectors
involving a variety of malware, data exposure, and phishing and
social engineering methods.
- Participate in the remediation of incidents and responses that
are generated from live threats against the enterprise.
- Record and report all incidents per Federal policy,
department policy and legislation.
- Create and track network incidents and investigations
through completion
- Serve as a point person for Incident Management; providing
coordination and assignment of activity for all entities party to
incident response event
- Monitor security events received through alerts from SIEM or
other security tools
- Review alerts escalated by end users
- Carry out Level 2 triage of incoming Incidents (initial IR
assessment of the priority of the event, initial determination of
incident nature to determine risk and damage or appropriate routing
of security or privacy data request)
- Maintain assigned ticket queue
- As needed, serve as the incident response event point person
and liaison to enterprise teams, responding to crisis or urgent
situations with the aim of preparing for, mitigating, responding to,
and recovering systems. Will also coordinate resources, activities and
timelines during security incidents to ensure a unified, structured
response to incidents (e.g., data breaches and ransomware
events)
- Review and recommend technical, process, and physical controls
to counteract damage from breach events
- Support/develop reports during and after incidents, which
include all actions taken to properly mitigate, recover and return
to normal operations
- Support forensic investigators and application security
analysts in reactive and proactive Threat Hunting engagements,
performing endpoint, network, and log analysis
Qualifications:
- 5+ years of relevant work experience
- Bachelor's degree or 2 additional years of experience
- US citizenship and must be able to obtain up to a Top Secret
clearance (active Top Secret clearance preferred)
- ISC2 Certified Information Systems Security Professional
(CISSP) or GIAC Certified Incident Handler (GCIH) certification
required
- Advanced knowledge of TCP/IP protocols, experience configuring
and implementing various technical security solutions
- Advanced experience providing analysis and trending of security
log data from a large number of heterogeneous security
devices
- Experience in incident detection and response, malware
analysis, or cyber forensics
- Demonstrated proficiency in the Incident Response Process as
well as in the performance of threat hunting and SOC
operations.
- IDS monitoring and analysis, network traffic analysis, log
analysis, and the ability to prioritize and differentiate between
potential intrusion attempts and false alarms
- Good understanding of system log information and what it means,
and of where to collect specific data/attributes as required for each
incident event (host, network, cloud, etc.)
- Strong understanding of enterprise networking (host-based
firewalls, anti-malware, HIDS, IDS/IPS, proxy, WAF), Windows and
Unix/Linux systems' operations, and TCP/IP protocols; experience
providing analysis and trending of security log data
- Experience creating and tracking investigations to
resolution
- Experience with vulnerability scanning tools such as Tenable
Nessus, Tenable.IO, Tenable.SC, QualysGuard, etc
Marathon TS is committed to the development of a creative, diverse
and inclusive work environment. In order to provide equal
employment and advancement opportunities to all individuals,
employment decisions at Marathon TS will be based on merit,
qualifications, and abilities. Marathon TS does not discriminate
against any person because of race, color, creed, religion, sex,
national origin, disability, age or any other characteristic
protected by law (referred to as "protected status").