
Tier II Soc Analyst

Company: Marathon TS
Location: Remote
Posted on: January 24, 2023

Job Description:

Marathon TS is searching for a Tier 2 SOC Analyst. As a Tier 2 SOC Analyst, you and your team will be responsible for staffing a 24x7x365 coordination center and responding to escalated alerts, notifications, and communications, and for providing incident response activities such as tracking the incident, communicating with stakeholders, carrying out remediation and recovery actions, and reporting. As trouble tickets or help desk alerts are generated by Tier 1 analysts, Tier 2 leverages security controls, policies, and intelligence (indicators of compromise (IOC), rules, and procedures) to determine the scope and origin of the attack. Tier 2 focuses on mitigation, recovery, and remediation once an attack has occurred.

Responsibilities:


  • Perform incident response analysis uncovering attack vectors involving a variety, malware, data exposure, and phishing and social engineering methods.
  • Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
  • Recording and reporting all incidents per Federal policy, department policy and legislation.
  • Creating and tracking network incidents and investigations through completion
  • Serve as a point person for Incident Management; providing coordination and assignment of activity for all entities party to incident response event
  • Monitor security events received through alerts from SIEM or other security tools
  • Revise alerts escalated by end users
  • Carry out Level 2 triage of incoming Incidents (initial IR assessment of the priority of the event, initial determination of incident nature to determine risk and damage or appropriate routing of security or privacy data request)
  • Maintain assigned ticket queue
  • As needed, serve as the incident response event point person and liaison to enterprise teams, responding to crisis or urgent situations aimed at mitigating, preparing for, responding to, and recovery systems. Will also coordinate resources, activities and timelines during security incidents to ensure a unified structured response to incidents (I.e. data breaches, ransomware events, etc.)
  • Review and recommend technical, process, and physical controls to counteract damage from breach events
  • Supports/develops reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations
  • Support forensic investigators and application security analysts in reactive and proactive Threat Hunting engagements, performing endpoint, network, and log analysis

Qualifications:

• 5+ years of relevant work experience
• Bachelor's degree, or 2 additional years of experience
• US Citizenship and must be able to obtain up to a Top Secret clearance (active Top Secret clearance preferred)
• Must hold the ISC2 Certified Information Systems Security Professional (CISSP) or GIAC Certified Incident Handler (GCIH) certification
• Advanced knowledge of TCP/IP protocols; experience configuring and implementing various technical security solutions
• Advanced experience providing analysis and trending of security log data from a large number of heterogeneous security devices
• Experience in incident detection and response, malware analysis, or cyber forensics
• Demonstrated proficiency in the Incident Response process as well as in threat hunting and SOC operations
• IDS monitoring and analysis, network traffic analysis, and log analysis; ability to prioritize and differentiate between potential intrusion attempts and false alarms
• Good understanding of system log information and what it means, and where to collect specific data/attributes as required per incident event (host, network, cloud, etc.)
• Strong understanding of enterprise networking (host-based firewalls, anti-malware, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems operations, and TCP/IP protocols; experience providing analysis and trending of security log data
• Experience creating and tracking investigations to resolution
• Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.io, Tenable.sc, QualysGuard, etc.

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
