SOC Analyst - Tier 1 (Onsite)

Job Title: SOC Analyst - Tier 1 (Onsite)
Location: Washington, DC
Duration: 12 Months+
Job Description:
The client is the central technology organization of the client Government. It sets the standard for a number of information technology functions including the security policies and procedures for the District's IT footprint. The Citywide Information Security serves as the lead in this endeavor.
The Citywide information security team is looking for 2 Tier 1 Security Analysts. Each role is responsible for monitoring The Security Operations Center by responding to alerts, notification, communications and providing incident response activities such as tracking the incident, communication with stakeholders, remediation and recovery actions and reporting pertaining to security incidents. The analysts follow standard operating procedures for detecting, classifying, and reporting incidents under the supervision of Tier 2 and Tier 3 staff.
Roles and Responsibilities

• Perform real-time monitoring of internal and information technology security equipment and systems to determine operational status and performance making use of various Security Incident and Event Management (SIEM) tools, SOAR platforms and other related security management/console applications, such as network traffic and data analytics.
• Analyze both raw and processed security alert and event data to identify potential security incidents, threats, mitigations, and vulnerabilities.
• Support follow-on actions, such as coordinating with other organization teams to facilitate remediation of the alert/event/incident, and close out the investigation.
• Perform initial alert/event/incident triage used for investigation.
• Initiate incident notification, case tracking/management, recovery actions, and report status updates.
• Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
• Coordinate process and procedure actions with geographically separated team members.

Detailed Tasks: Incident Response

• Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
• Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
• Coordinate and provide technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Assist in real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).

Desired Background

• Bachelors’ degree in either: Computer Science, Engineering, Information Technology, Cyber Security, or equivalent experience in Cyber/IT roles (SOC experience preferred, but not required)
• preferred Cyber Security Certifications such as CompTIA Security+
• Excellent written and oral communication skills.
• Self-motivated and able to work in an independent manner.

Compliance

• Understand, enforce, and adhere to the company policies and procedures.
• Have read and understand the Information Security Policy and supporting procedures and do not hinder in any way the proper execution of procedures defined within.
• Understand and abide by our non-disclosure and confidentiality agreements.

Responsibilities:

• Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.
• Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.
• Develops, leads, and executes information security incident response plans.
• Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
• May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.

Minimum Education/Certification Requirements:

• BS Degree in IT, Cybersecurity, or Engineering, or equivalent experience

Skills: