Tier 2 Soc Analyst-After Hours

Exciting Contract opportunity with a great company. Candidates must be US Citizens and able to clear a CJIS background check. No C2C or C2H for this role.

Please note: this person needs to be comfortable working after business hours operations, to include evenings after 5 pm and overnights as well as weekends and holidays.

The Tier 2 Security Operations Center Analyst needs to have experience in using SIEM technologies to support in-depth investigations and threat hunting activities. Experience with Devo, Netwitness, Azure Sentinel or other SEIM technology is required.

Key Responsibilities

• Working tickets via ticketing systems
• Engaging support of Tier 3 Analysts
• Creating tickets for various needs of the SOC
• Alerting Customers to possible malicious events
• Determining service impact of security events
• Escalate tickets/activities as needed.

Day to Day Responsibilities

• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or overserved threats.
• Conduct research, analysis and correlation across a wide variety of all source data sets
• Document and escalate incidents that may cause ongoing and immediate impact to the environment.
• Provide timely detection, identification and alerting of possible attacks.
• Receive and analyze security alerts from various sources within the enterprise and determine possible cause of such alerts.

Preferred Experience and Attributes

• Familiar with cyber kill chain
• Experience with one or more SIEM: Devo, RSA Netwitness, Splunk, Azure Sentinel, Q-Radar
• Working knowledge of Intrusion Response
• 3-5 years of Security Incident Response, Security Operations Center and or threat analysis
• Knowledge of TCP/IP-addressing, routing protocols and transport protocols
• Familiar with encryption algorithms
• Holding one or more of the industry certifications will be a plus (Ethical Hacker (CEH) or equivalent.
• CompTIA Security plus certification (equivalent or higher)
• Knowledge of incident response and handling methodologies
• Demonstrated experience using either enterprise and/or cloud Security SIEM technologies as an analyst.
• Familiar with Mitre ATT&CK and Mitre D3FEND

·