Job Description
Location: Ideally located in College Park, Maryland. Remote candidates from across the U.S. may also be considered.
Schedule: This role follows a Panama schedule, utilizing a rotating shift pattern with four teams and two 12-hour shifts to provide 24/7 coverage. The working and non-working days follow this pattern: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off.
U.S. Citizenship Required
### Summary
We are seeking dedicated and skilled Security Operations Center (SOC) Analysts to join our dynamic team. In this role, you will play a vital part in defending our global clients against persistent cyber threats. You will work in a fast-paced environment, identifying, responding to, and mitigating adversarial activities to minimize the impact and duration of security incidents.
As a Level 3 Analyst, you will serve as the technical expert and escalation point for your team. Your deep knowledge of modern attacks, intrusion data analysis, and remediation strategies will ensure timely and effective responses to security threats. You will mentor junior analysts, act as a trusted advisor to clients, and be a formidable force against adversaries. Your experience will also provide valuable insights into technology strategy and process enhancements.
### Key Responsibilities
- Take charge of active intrusions and escalations from Level 1 and Level 2 analysts, utilizing your expertise to delve into client systems and logs to detect and trace attacker activity.
- Maintain high standards of documentation and communication to ensure clients understand the situation and necessary actions to address security threats effectively.
- Monitor and analyze security events from various sources, including SIEM logs, endpoint logs, and EDR telemetry.
- Research indicators and activities to assess reputation and identify suspicious attributes.
- Perform detailed analyses of malware, attacker network infrastructure, and forensic artifacts.
- Conduct complex investigations and manage incident declarations.
- Execute live response analysis of compromised endpoints.
- Proactively hunt for suspicious activity based on anomalies and curated intelligence.
- Participate in the response, investigation, and resolution of security incidents.
- Engage with incident response teams for active intrusions, ensuring proper identification, analysis, and escalation of events.
- Contribute to the development and enhancement of security policies, procedures, and automation.
- Mentor and serve as a technical escalation point for lower-level analysts.
- Regularly communicate with clients to keep them informed about incidents and assist with remediation efforts.
### Basic Qualifications
People Skills:
- Ability to manage high-pressure situations with professionalism and composure.
- Experience collaborating with customers to understand their security needs and provide feedback on services.
- Exceptional written and verbal communication skills, capable of translating complex technical topics into clear, understandable language.
- Strong teamwork and interpersonal skills to effectively engage with a globally distributed team.
- Willingness to work in a 24/7 environment, including nights and weekends, on a rotating shift schedule.
Technical Skills:
- Proficient in SIEM solutions, Cloud App Security tools, and EDR.
- Advanced understanding of network protocols and telemetry.
- Knowledge of forensic artifacts and analysis for Windows and Unix systems.
- Expertise in analyzing Endpoint, Web, and Authentication logs.
- Experience in detection creation within SIEM/EDR.
- Familiarity with responding to modern authentication attacks.
Additional Skills:
- Deep knowledge of common attack paths, including techniques used by adversaries.
- Understanding of malware detection methods, including both dynamic and static analysis.
- Experience with network monitoring and analysis.
- Familiarity with email security and business email compromise attacks.
- Knowledge of forensic artifacts related to Windows and Unix systems.
### Preferred Qualifications
- Experience in intrusion analysis, incident response, digital forensics, or related fields.
- A minimum of 5 years of hands-on experience in a SOC, TOC, or NOC environment.
- Relevant certifications such as GCIA and GCIH are required; additional certifications like GCFA, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, or MCSE are preferred.
- Familiarity with technologies such as Sentinel, Splunk, Microsoft Defender suites, and CrowdStrike Falcon.
- Understanding of GPO, Landesk, or other IT infrastructure tools.
- Knowledge of one or more programming languages, including JavaScript, Python, Lua, Ruby, GoLang, or Rust.
### Education
- A minimum of a bachelor's degree in Information Security, Computer Science, or a related IT field, or equivalent experience.
### Equal Opportunity Statement
We are committed to providing equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, national origin, age, disability, or genetics.
All employees must be authorized to work in the United States.
Employment Type: Full-Time
Salary: $ 40,000.00 140,000.00 Per Year
Job Tags
Full time, Shift work, Rotating shift, Weekend work,