Description
About the job
Valiant Solutions is seeking a SOC Analyst (Tier 2) to join our rapidly growing and innovative cybersecurity team!
Candidates will join a fast-paced and creative team of SOC Analysts, Incident Response engineers, Threat Hunters, and Forensic Analysts focusing on the identification, interrogation, exploitation, and reporting of incidents for the enterprise. Valiant Solutions is a company that cares about its employees: we've been named one of the Best Places to Work in the Washington DC area TEN years in a row! If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!
As a SOC Analyst (Tier 2) you and the team will be responsible for manning a 24x7x365 coordination center, responding to alerts, notifications and communications, and providing incident response activities. The candidate will be responsible for supporting daily SOC operations including but not limited to: alert analysis / triage / response, review and action on Threat Intel for IOCs and other operationally impactful information, and understanding of SOC operations requirements and policies. The SOC analysis tasks will be end-to-end, covering the network, the underlying servers and infrastructure (physical and virtual), and the application. Candidates will be required to perform SOC triage and response analysis, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods. The successful candidate must have a strong understanding of the SIEM and endpoint security tools used to source many of the alerts.
This position allows for 100% remote work. Remote work necessitates a high level of trust in our employees, and we strictly adhere to the details found below in our Remote Work Policy.
Candidates will be required to demonstrate proficiency in SOC operations and provide examples of how they process events. The interview will also focus on the conceptual and procedural methodologies used to evaluate logical, physical and technical system compromise. The candidate's understanding of malware analysis, advanced persistent threats, infection vectors and defense strategies will be a heavy focus of the screening process. Additional emphasis will be placed on the candidate's ability to articulate skills gained from experience participating in incident response, malware analysis, and SOC operations.
Required Experience / Skills:
Minimum of eight (8) years technical experience
5+ years of SOC experience
2+ years of rule development and tuning experience
Desired: 1+ years of incident response experience
Experience supporting 24x7x365 SOC operations including but not limited to: alert and notification activities (analysis / triage / response), review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported alerts and incidents
Support alert and notification triage, review/analysis through resolution / close
Manage multiple tickets / alerts in parallel including end user coordination
Demonstrated ability to evaluate events (through a triage process) and identify appropriate prioritization for response
Demonstrated proficiencies with one or more toolsets such as Bit9/CarbonBlack, Endgame, FireEye HX / CM / ETP, Elastic Kibana
Experience and ability to use, contribute, develop and follow Standard Operating Procedures (SOPs)
In-depth experience with processing and triage of security alerts from multiple sources, including but not limited to: endpoint security tools, SIEM, email security solutions, CISA, Threat Intel sources
Demonstrated experience with triage and resolution of SOC tasks; including but not limited to: vulnerability announcements, phishing email review, Tier 1 IR support, SIEM/Security Tools - alert analysis
Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources
Demonstrated experience with the underlying logs generated by operating systems (Linux/Windows), network security devices, and other enterprise tools
Demonstrated proficiencies with an enterprise SIEM or security analytics solution including the Elastic Stack or Splunk.
Solid understanding of and experience analyzing security events generated from security tools and devices, including but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
Experience with and solid understanding of malware analysis
Understanding of security incident response processes
Required Certifications: One of the following certifications is required:
GIAC-GCIH - Global Certified Incident Handler
GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
GIAC-GREM - GIAC Reverse Engineering Malware
GIAC-GNFA - GIAC Network Forensic Analyst
GIAC-GCTI - GIAC Cyber Threat Intelligence
GIAC-GPEN - GIAC Certified Penetration Tester
GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
CEPT - Certified Expert Penetration Tester
CASS - Certified Application Security Specialist
CWAPT - Certified Penetration Tester
CREA - Certified Reverse Engineering Analyst
Responsibilities:
Working hours: 8:45 AM - 5:15 PM Eastern Time
Participate in a rotating SOC on-call; rotation is based on number of team members
Provide first line SOC support with timely triage, routing and analysis of SOC tasks
Produce and review aggregated performance metrics
Participate in on-call rotation for after-hours security and/or engineering issues
Contribute to increasing the effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods
Work directly with Security and SOC leadership on cyber threat intelligence reports to convert intelligence into useful detection
Collaborate with incident response team to rapidly build detection rules as needed
Responsible for supporting 24x7x365 SOC operations including but not limited to: alert and notification activities (analysis / triage / response), review and action on Threat Intel for IOCs and other operationally impactful information, initial review and triage of reported incidents
Perform analysis across all security tools, uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods
Monitor and triage security events received through alerts from the SIEM or other security tools; escalate to and support IR as appropriate
IDS monitoring and analysis; analyze network traffic and logs; prioritize and differentiate between potential intrusion attempts and false alarms
Review and report on anomalous patterns (hunting) across all security tools / SIEM
Develop an in-depth understanding of customer and SOC operations requirements and policies
Ensure reports are properly entered into the tracking system
Perform customer security assessments
Support incident response or remediation as needed
Participate in, develop, and run tabletop exercises
Perform lessons-learned activities
Support ad-hoc data and investigation requests
Compose reports, updates, security alert notifications, or other artifacts and documents as needed