Soc Analyst Ii Jobs

For more than 40 years, Calian has been solving the world’s most complex problems by pairing the brightest minds with powerful technology. Calian solutions impact the world; from the satellites in space that connect us to the farms that feed us, from the medical professionals who care for us to the governments, schools, and companies that make the world better every day.
Position Overview
We are seeking a qualified Security Operations Center (SOC) Analyst – Tier II. The SOC Analyst – Tier II will play a pivotal role in handling more complex/high-priority cybersecurity alerts & incidents originating from Calian customers nationwide. This role provides an opportunity to work with advanced Network and Endpoint Detection, SIEM, and Incident Response (IR) tools in support of a comprehensive cybersecurity program, while also participating in training development, critical event reviews, and UAT for new SOC tools. We are looking for someone with an interest in analyzing, identifying, and eliminating customer security alerts and events and is driven by the challenging demands of cybersecurity. If you are seeking new opportunities to develop technical acuity, are innovative, and are eager to learn in a rapidly evolving field, this is the place for you.
Responsibilities

• Conduct a thorough investigation of security events generated by our detection mechanisms such as SIEM, IDS/IPS, Anti-Virus, and customer escalations.
• Deliver training modules and conduct assessments with new hires
• Launch and track investigations to resolution.
• Employee must be able to perform essential functions of the job with or without reasonable accommodation.
• This employer will not sponsor applicants with work visas.
• Provide incident response – triage, incident analysis, remediation, and recovery.
• Write or provide input to our Learning and Development team on KB Articles or training content
• Perform other duties as required and/or assigned.
• Critical Event Reviews – performing secondary audits of selected signals and following up with analysts and clients as necessary
• Respond to security-related alerts and escalations in a timely manner.
• Maintain situational awareness of the latest cybersecurity threats, vulnerabilities, and mitigation strategies
• Differentiate false positives from true intrusion attempts.
• Provide on-call support for after-hours security-related events.
• Demonstrate problem-solving skills that contribute towards the resolution of issues that arise.
• Complete more complex high-priority/escalated client support tickets
• Secondary review and approval of permanent signal filters, Global Blacklist IP Nominations, and high-priority client alerts
• Participate in the computer security incident response team CSIRT.
• Recognize successful potential intrusions and compromises through review and analysis of relevant event detail information; block malicious network traffic and isolate infected hosts on customer networks.
• Participate in Incident/Breach response investigations and deliver incident response reports and after-action reviews
• Perform real-time proactive security monitoring, detection, and response to cybersecurity events using a variety of forensic tools
• Ongoing mentoring and coaching of Tier I Analysts
• Participate in Quarterly Service Reviews (QSRs) with our Customer Success Team providing technical input from the SOC where necessary
• Effectively communicate the findings of investigations of intrusions or compromises to concerned stakeholders
• Work on various internal projects/initiatives such as UAT of new SOC tools, working cross-functionally with other teams /departments as a stakeholder for the Service Delivery Organization

Qualifications

• Linux Kernel and basic scripting (Bash/Python) knowledge
• Snort/Suricata, Packet Capture (PCAP) Analysis using Wireshark (Optional or Bonus)
• Windows system internals, knowledge of PowerShell
• Understanding of network architecture including the TCP/IP stack and the capture and analysis of network traffic
• Hands-on experience in at least one of the following security domains:
• Demonstrated experience in confidently handling escalated client issues, diffusing challenging situations, and delivering an optimal customer experience
• Knowledge of vulnerability management functions and how they relate to a risk-based security model
• Network Security including Intrusion Detection Systems (IDS)
• Ability to work in an operational/shift-based environment
• Carbon Black Response/Threat Hunter, Crowdstrike Falcon, or Microsoft Defender ATP.
• Understanding of syslog functionality
• Strong customer-facing written and verbal communication skills with the ability to effectively communicate complex security concepts with end customers
• Knowledge and experience of network and endpoint security technologies including:
• SIEM/Log Management, using products such as SumoLogic, Splunk, or similar
• Relentless focus in delighting customers and treating colleagues with respect, regardless of position.
• Windows Endpoint Security, using EDR products such as VMware
• Natural ability to thrive in a fast-paced and time-sensitive environment
• Analytical mind with strong attention to detail and a commitment to quality of service

Additional Qualifications

• 3+ years’ full-time experience in a Security Operations Center or similar Cyber Security Analysis role excluding time spent on an intern or work experience program preferred
• SANS GIAC, EC-Council, CompTIA Network/Security+, CCNA CyberOps or equivalent certifications preferred
• Bachelor’s degree in Engineering, Computer Science, Information Security, or Information Systems preferred

EEO Statement
Calian is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, or any other characteristic protected by law.