Apply on Employer Site

UltraViolet Cyber · 5 months ago

Senior Security (SOC) Analyst, Secret Clearance Required

Herndon, VA

Full-time

Onsite

Mid, Senior Level

$80K/yr - $120K/yr

5+ years exp

UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. They are seeking a Senior Security (SOC) Analyst who will monitor and analyze security events and alerts reported by the SIEM to identify and investigate suspicious or malicious activity. The analyst will also document investigations and manage security event artifacts within the SOC incident tracking application.

ComputerInformation TechnologyNetwork Security

No H1B

Security Clearance Required

Responsibilities

Monitor and analyze security events and alerts reported by the SIEM on a 24x7 basis to identify and investigate suspicious or malicious activity, or other cyber events which violate policy

Work with a large team that rotates 3x12 or 4x12 hour shifts

Analyze logs and events from any other device types which may send logs or events to the SOC in the future

Provide documentation detailing any additional information collected and maintained for each security investigation

Record all artifacts (i.e. emails, logs, documents, URLs, screenshots, etc.) associated with all security events and incident investigations within the SOC incident and tracking application

Qualification

Security Operations Center (SOC)Active US Secret Security ClearanceNetwork communications knowledgeLog analysis8570 Certification(s)Splunk query languagePCAP analysisTanium threat responseWindows Active DirectorySIEM platforms experienceCommunication skills

Required

Active US Secret Security Clearance

5+ years of experience working in a Security Operations Center (SOC) or Network Operations Center (NOC) environment performing security event monitoring and analysis

Working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks

Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)

Familiarity with adversarial tactics, techniques, and procedures (TTPs)

Must be capable of analyzing security logs and events from the following types of devices such as, but not limited to: Firewalls (FWs), Intrusion Detection Sensors/Intrusion Prevention Sensors (IDS/IPS), Host-based Intrusion Detection System/ Host-based Intrusion Prevention System (HIDS/HIPS), Additional: proxy/web filter, vulnerability scans, routers, router Internet Protocol (IP) accounting systems (i.e., Cisco NetFlow), Virtual Private Network (VPN) gateways/concentrators, server event logs, e-mail and host anti-virus, desktop security monitoring agents, anti-virus servers, IP services (i.e. Domain Name System (DNS) Services, Dynamic Host Configuration Protocol (DHCP), Additionally: network address translation devices, MDM (e.g. cellphones), Public Key Infrastructure (PKI), and cloud security infrastructure (e.g. Amazon Web Services (AWS), Azure, Oracle, Salesforce, etc.)

8570 Certification(s): Security+ or equivalent

High school diploma needed

Must be legally allowed to work in the US, and the work must be done in the US

Preferred

Certification(s): Security+, GCIH, CEH, or CYSA+ is desired

Experience with Splunk query language

Experience with IDS/IPS/firewall/security configurations and signature development

Experience with PCAP analysis

Experience with Tanium threat response

Ability and prior experience with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes the identification of malicious code present within a computer system as well identification of malicious activities that are present within a computer system and/or enterprise network

Experience working with a ticket management system to collect, document and maintain information pertinent to security investigations and incidents

Excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings

Experience in monitoring the operational status of monitoring components and escalating and reporting outages of the components

Conceptual understanding of Windows Active Directory is also desired

Experience working with various event logging systems and must be proficient in the review of security event log analysis. Previous experience with SIEM platforms that perform log collection, analysis, correlation, and alerting is also preferred

Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment

Experience in collecting and maintaining information pertinent to security investigations and incidents in a format that supports analysis, situational awareness reporting, and law enforcement investigation efforts