SOC Analyst Senior

Everforth ECS is seeking a SR SOC Analyst to join our team in Windsor Mill, MD office.

Availability to work 2 weeks in office/2 weeks remote, W-Sat, 12P-10P. Saturday is always remote.

Position Responsibilities:

Perform hunting for malicious activity across the network and digitalassetsRespond to computer security incidents and conduct threatanalysisIdentifyand act on malicious or anomalousactivityConducts analysis using a variety of tools and data sets toidentifyindicators of malicious activity on thenetworkPerform detailed investigation and response activities for potential securityincidentsProvideaccurateand priority driven analysis on cyber activity/threatsPerform payload analysis ofpacketsRecommends implementation ofcountermeasuresor mitigating controlsEnsures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitiveenvironmentCollaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of maliciousactivityDevelop innovative monitoring and detection solutions using client tools and other skillsets such as scripting and contentdevelopmentMentor junior staff in cybersecurity techniques and processesCreate and continuously improve standard operating procedures used by theSOCResolve or coordinate the resolution of cyber securityeventsMonitor incoming event queues for potential securityincidentsCreate, manage, and dispatch incidentticketsMonitor external event sources for security intelligence and actionableincidentsMaintain incident logs with relevantactivityDocument investigation results, ensuring relevant details are passed to SOC Lead, Incident Management team andstakeholdersParticipate in root cause analysis or lessons learnedsessions

Job Requirements:

In-depth knowledge of the US-CERT Federal Incident Notification Guidelines6 years of Information Technology experience, with at least 4 years of experience in information security working within security operationsStrongknowledge of Splunk Enterprise, Enterprise Security, and SOAR productsStrongknowledge ofCrowdStrike,TrendMicro and McAfeehost-basedsolutionsCareer proven knowledge of log, network, and system forensic investigation techniquesSignificant experienceperforming analysis of log files from a variety of sources, to include individual host logs, network traffic logs,firewalllogs, or intrusion preventionlogsSignificant experiencewith packet analysis (Wireshark) and Malware analysispreferredIntelligence driven defenseutilizingthe

MITRE ATT&CK

framework andCyber Kill Chain (CKC)Knowledge of diverse operating systems, networking protocols, systemsadministrationand security technologiesKnowledge of TCP/IP Networking and knowledge of the OSI modelExperience creating actionable content for a diverse range of commercial security tools and/or SIEMtechnologiesSignificant experiencemonitoring threats via a SIEM consoleExcellent problem solving, critical thinking, and analytical skills with the ability to de-constructproblemsStrong customer service skills and decision-making skillsAbility to develop strong knowledge ofclient infrastructure