SOC T2 Analyst Job at Source2Hunt LLC, Baltimore, MD

  • Source2Hunt LLC
  • Baltimore, MD

Job Description

Job Title: SOC T2 Analyst
Job Type: Full-time
Job Location: Washington DC
Work Location: Hybrid (2 days onsite, 3 days remote)

Clearance and Location Requirements

Able to be cleared for a Public Trust clearance. This is a hybrid position and requires being onsite 2 days a week: one day in Washington, DC and the other in Manassas, VA.

About the Role

In this role, you and your team will manage and respond to escalated alerts, notifications, and communications, leading incident response activities from tracking and stakeholder communication to remediation, recovery, and thorough reporting. You’ll ensure all reports are accurately entered into our incident tracking system and coordinate closely with reporting entities for full event understanding. Success in this position requires expertise in cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors to comprehend reports and determine necessary response actions. The ideal candidate must also possess a strong understanding of Splunk SIEM and be proficient in supporting forensic tools.

Role Responsibilities

  • Incident Response: Actively participate and provide support in all phases of security incident response, including tracking, stakeholder communication, remediation, and recovery
  • Alert Triage & Investigation: Perform Level 2 triage of incoming incidents, providing initial assessment of priority, determining incident nature and risk, and appropriately routing security or privacy data requests
  • Deep Dive Analysis: Conduct comprehensive incident response analysis leveraging expertise in cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors
  • Tool Proficiency: Utilize Splunk SIEM and support forensic tools to monitor, investigate, and correlate security events
  • Reporting & Documentation: Ensure all incident details are accurately entered into the incident tracking system; develop detailed incident reports during and after incidents, outlining mitigation, recovery, and operational return-to-normal actions; record and report all incidents in adherence to Federal and department policies; create and track network incidents and investigations through to closure
  • Stakeholder Coordination: Coordinate with reporting entities (e.g., CISA) to fully understand event details and facilitate effective communication with stakeholders
  • Operational Guidance: Serve as key personnel for Incident Management, providing coordination, task assignment, and process guidance for incident response events
  • SOP Adherence & Escalation: Strictly follow established SOPs, policies, and procedures for timely escalation and notification of Federal leadership and reporting
  • Remediation & Recovery: Actively participate in the remediation and recovery of incidents generated by live threats against the enterprise
  • Control Optimization: Review, revise, and recommend enhancements to technical, process, and physical security controls
  • Defensive TTP Development: Develop and implement defensive cyber best practice tactics, techniques, and procedures to strengthen our security posture
  • Mentorship: Manage assigned investigations, ensuring active progress, and assist Tier 1 analysts as needed to resolve investigations

Required Qualifications

  • US Citizenship and must be able to pass a background investigation (Public Trust – High)
  • 4 years of Information Technology experience
  • Bachelor of Science in Computer Science, Information Systems, Mathematics, Engineering, or a related degree, OR an additional 2 years of relevant experience
  • Cybersecurity certifications are preferred but not required
  • Excellent organizational, verbal, presentation/facilitation, and written communication skills; comfortable presenting briefings to the client
  • Demonstrated proficiency in the Incident Response Process and SOC operations, and a good understanding of threat hunting
  • Good understanding of system log information and where to collect specific data/attributes as required for incident events
  • Operational understanding of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS/IPS, proxy, WAF) and of Windows and Unix/Linux systems operations
  • Experience performing log analysis and reporting
  • Experience creating and tracking investigations to resolution
  • Experience with endpoint security solutions, including but not limited to Windows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR tools
  • Understanding of compliance or regulatory frameworks (e.g., FISMA, NIST, ISO)
  • Solid understanding of application, authentication, and network security principles, and of operating system hardening techniques
  • General knowledge of cyber-attack frameworks (MITRE ATT&CK and Lockheed Cyber Kill Chain)
  • Understanding of Computer Network Defense (CND) policies, procedures, and regulations
  • SIEM monitoring and analysis: analyzing network traffic, log analysis, prioritizing and differentiating between potential intrusion attempts and false alarms
  • Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies
  • Ability to work independently to address and resolve a security incident with minimal supervision

Job Tags

Full time, 2 days per week
