Senior SOC Analyst (Top Secret Clearance Required)
Redstone Arsenal, AL, United States
Full Time Senior-level / Expert Clearance required USD 103K - 192K * est.
Overview
Paradyme, a CATHEXIS Company is a rapidly growing government technology leader that puts service first, for its customers, its team and the communities it supports. We harness DevSecOps and Agile development processes to deliver exceptional results for digital transformations. Based in Tysons Corner, VA, our award-winning culture sets us apart through our team’s deep commitment to service and collaboration with its customers, each other and the community. Learn more at PARADYME
We are seeking SOC Analysts for Junior, Mid, and Senior level openings in support of a critical Law Enforcement customer. The person in this role will support a 24x7x365 Watch Floor team and safeguard the confidentiality, integrity, and availability of an organization's information assets. This position is based at a secured federal facility in Huntsville, AL and requires onsite work.
An active Top Secret clearance is required to be considered. Candidates not already in the Huntsville, AL area would have to relocate for this opportunity. In the early part of this project, limited travel to Washington, DC and/or West Virginia may be required.
Responsibilities
As a SOC Analyst – Senior Level, this position supports a 24x7x365 SOC. Your duties include analyzing relevant cyber security event data and other data sources for attack indicators and potential security breaches; producing reports; assisting in coordination during incidents; and coordinating with the engineering team to ensure all security monitoring systems are online, up to date, and fully operational.
This position is located on the customer site in Huntsville, AL. There are three (3) shifts available: Morning, Afternoon/Evening and Night, with rotation to support weekends/holidays.
Responsibilities for this position include but are not limited to:
- Monitoring intrusion detection and prevention systems and other security event data sources daily.
- Determining whether monitored security events should be escalated to incidents, and following all applicable incident response and reporting processes and procedures.
- Serving as the most senior analyst working with the incident response team until incident closure.
- Solving problems, asking questions, and discovering why things are happening.
- Correlating data from the SIEM (Splunk) and Endpoint Detection and Response (EDR) systems with data from other sources such as firewall, web server, and syslog logs.
- Tuning and filtering events and information, and creating custom views and content with the assistance of the Engineering and DevOps team.
- Monitoring, analyzing, and responding to threats; contributing to Computer Network Defense; and creating solutions to augment Defensive Cyber Operations.
- Leading threat hunts with other team members for potential APT activity and known TTPs.
- Documenting each incident in the existing ticketing system.
- Coordinating with the DevOps and engineering team to ensure production SOC systems are operational and maintained.
- Reviewing data with the Cyber Threat Intelligence Team, Incident Response Team and other appropriate groups to determine the risk and threat of an event.
- Documenting procedures for handling each type of security event detected.
- Creating custom queries and developing new use cases to better correlate security event information.
- Identifying misuse, malware, or unauthorized activity on monitored networks and infrastructure.
- Mentoring junior staff, and maintaining proficiency and skills through relevant training, on-the-job training, and self-study.
- Developing and/or maintaining SOC Standard Operating Procedures (SOPs) and/or Playbooks, which define repeatable processes for activities such as analysis, reporting, and incident response.
Minimum Qualifications:
- Minimum of 8 years of IT experience with at least 4 years as a SOC analyst.
- Demonstrated experience with using Splunk SIEM.
- Experience with incident detection and response, security analysis and support for incident response and post incident analysis.
- Demonstrated experience conducting threat hunts.
- Experience working with Cyber Threat Intelligence and Forensic teams until incident closure.
- Strong analytical, attention to detail and problem-solving skills.
- Excels in a team environment and in collaborating across teams.
- Good interpersonal, organizational, writing, and communications skills.
Preferred Qualifications:
- Bachelor’s Degree in Computer Science or related field.
- 3 years’ experience monitoring cloud environments.
- Experience using Microsoft Sentinel.
- Prefer 1 or more of the following certifications:
- GIAC Continuous Monitoring Certification (GMON)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Cloud Forensics Responder (GCFR)
- GIAC Cloud Threat Detection (GCTD)
Physical Requirements: These are the essential physical requirements needed to successfully perform the job.
- Sedentary work.
- Requires sitting up to 8 hours per day.
- May require lifting up to 5 pounds unassisted.
- Fine repetitive motor skills with hands, wrists, and fingers in coordination with eyes.
- Hearing, speaking, and vision: Adequate to perform job duties and communicate in person, via video, and telephone. Includes reading information from printed sources and computer screens.
- Other: Work may be performed in an office environment, which may involve frequent contact with staff and the public. Work may be stressful at times.
EEO Statement
Paradyme, a CATHEXIS Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact HR@paradyme.us
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Clearance Clearance Required Cloud Computer Science DCO DevOps DevSecOps EDR Firewalls Forensics GCFA GCIA GCIH GIAC GNFA Incident response Intrusion detection Malware Monitoring Security analysis Sentinel SIEM SOC Splunk Threat detection Threat intelligence Top Secret Top Secret Clearance TTPs
Perks/benefits: Team events