Tier 2 SOC Analyst

There’s something about cybersecurity every day in the news - whether it’s another major breach or heightened attention around tackling the major issues the industry is facing as we grapple with increasingly sophisticated attacks from nation-state sponsored and criminal threat actors alike. It takes a steady hand and passion to run towards the challenges that exist while protecting people and organizations from cybercrime. That’s where you come in! 

Are you adept at managing a lot of data and helping make it actionable for others? Do you want the opportunity to make a difference in a growing organization? Join our team as our new Tier 2 SOC Analyst! Our analysts are the first line of defense for each of our clients, tasked with the critical responsibility to triage and make critical decisions about how to investigate and address suspicious activity in a client’s network. The position requires complete monitoring, triage, and incident response functions for a 24/7/365 Security Operations Center (SOC). 

In the C3 SOC, we put people first in our drive for operational excellence, which includes our clients and our employees. As a Tier 2 SOC Analyst, you’ll be working with a mix of team members with different entry paths into our field, some from traditional IT backgrounds and many others who have crossed into cybersecurity from completely unrelated fields ranging from music education to Emergency Medical Technicians. We believe that having technically competent analysts with diversity of thought, culture, and experiences not only creates a better world but also fosters a more inclusive work environment and gives us a competitive advantage to better protect our range of clients with the ability to consider threats from more diverse perspectives. 

How you’ll make an impact: 

As a Tier 2 SOC Analyst, you will play a key role using your technical expertise and leadership experience to advance our SecOps team. You will actively monitor security alerts, perform threat hunting, and escalate tickets in order to manage potential threats/risks for our clients. Plus, you will help shape and develop junior staff and interns through coaching and mentoring. 

What You’ll Do: 

• Perform in-depth analysis on security events, intrusion detection, malware analysis, threat hunting, and all phases of security event monitoring and incident response.
• Threat Hunting and Incident Response: Lead and assist with the investigation of complex security events using tools such as Microsoft Sentinel, CrowdStrike, SentinelOne Deep Visibility, and Opensearch.
• Review client-facing communications to ensure accuracy and thoroughness.
• Serve as a primary point of contact, coordinate and lead regular calls with SOC clients, and respond to client requests and concerns.
• Review of Tier 1 and intern work product: SOAR cases, client tickets, metrics, and reports
• Client Vulnerability Lifecycle Management: Tracking and reporting to clients
• Phishing Email Helpdesk: Triage and sandboxing URLs, attachments, headers, etc to determine if reported emails are malicious 

What You’ll Bring: 

• 2+ years of related industry experience in a SOC and/or with incident handling/response; or equivalent industry experience
• Demonstrated experience with a variety of IDS/IPS, SOAR, SIEM, and cybersecurity analytical tools.
• Experience with analysis and investigation within next-generation AV/EDR tools and queries (SentinelOne Deep Visibility, Cylance OPTICS Instaqueries, etc.)
• Experience investigating or performing analysis with big data and/or no-SQL databases (ELK, Opensearch, Mongo)
• Familiarity or experience in Cyber Kill Chain methodology, MITRE ATT&CK framework, and malware analysis.
• Demonstrated experience analyzing high volumes of logs, network data (e.g. Netflow, Full Packet Capture), and other attack artifacts in support of incident investigations.
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
• Demonstrated commitment to training, self-study, and maintaining proficiency in the technical cybersecurity domain and an ability to think and work independently.
• Motivated self-starter with strong written and verbal communication skills, and the ability to create straightforward, plain-language technical reports from complex analytic findings.
• Working knowledge of one or more scripting and/or programming languages (PowerShell, Javascript, Java, etc.)
• Strong analytical and troubleshooting skills. 

Bonus Qualifications (Not required) 

• Certifications: CISSP, Microsoft Certified: Security Operations Analyst Associate, Security+, Microsoft Certified: Identity and Access Administrator Associate, CySA+, OSCP, GIAC, GMON, GCDA, GSOC, or GCED
• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors, methods of exploitation, and threat actor tactics, techniques, and procedures (TTPs).
• In-depth knowledge of architecture, engineering, and/or operations of one or more of the following: ElasticSearch, OpenSearch, Splunk, QRadar, Siemplify, Swimlane, Stellar Cyber, Cortex XSOAR, FortiSOAR.
• Proficiency with any of the following: Next-Generation Anti-Virus, EDR, XDR, HIPS/HBSS, IDS/IPS, Network Forensics, Computer Forensics (live and dead box). 

Location: Remote Work with preference for local resource, with as-needed on-site at our Cyber Innovation Center office in Bossier City, LA and/or customer locations 

What You'll Get: 

• To be a part of one of the fastest-growing companies in America, and a talented team to back you up.
• An awesome culture, backed up by winning several Best Places to Work awards.
• Remote work opportunities
• Medical, Dental, Vision Insurance
• Four Weeks of Paid Time Off (vacation & sick leave)
• Four weeks of Paid Maternity and Paternity leave
• Two days of Paid Volunteer Time
• 401(k) with 4% Company Match
• Company Bonus Structure
• Tuition Reimbursement
• Employer-sponsored Disability & Life Insurance
• Professional Development
• Free, industry-leading training through platforms like LetsDefend 

Interested? Awesome! Here’s what you need to know about us:  

The C3 MSSP SOC is based out of Louisiana, so we are focused on establishing Louisiana as a cybersecurity center of excellence. That means being the best at what we do so we can bring cybersecurity industry jobs to the state of “Union, Justice, and Confidence”. We would love to provide this Tier 1 SOC Analyst opportunity to a resident of the state, but it isn’t a deal-breaker as we have team members all over the country. If you’re interested, don’t let location stop you. 

C3's Core Values: 

• Team Human: Respecting all humans is a critical part of who we are at C3. We practice integrity in all interactions, we empathize with others, we create a supportive work environment, and we support the communities in which we live and operate. 

• Security First: At the cornerstone of our business, we prioritize security above convenience, cost or efficiency. A “security-first” approach means we practice what we preach and we lead by example for our clients. 

• Be an Advocate: We are passionate in our advocacy for our customer’s success and a path to the best solution for their business. We embrace feedback, put ourselves in your shoes and advocate for your interests as our own. 

• Embrace Change: More than a core value, at C3 it's a practical necessity in an industry that never stands still. As a new entity born from the merger of two top-ranked CMMC-focused IT services companies, we're keenly aware that our success hinges on our ability to adapt—whether that means integrating new platforms, refining processes, or keeping pace with changing CMMC guidelines. 

• Resilience: Our ability to withstand adversity and accomplish objectives while maintaining professionalism and discipline is critical to successful crisis management and risk avoidance.