Candidate should have strong communication skills, both written and verbal, and be comfortable communicating with teammates, customer technical personnel, and Leads and Managers.
The preferred candidate is REQUIRED to have:
- Three (3) to five (5) years of Security Incident Response, Security Operations Center, and/or threat analysis experience.
- Demonstrated experience using enterprise and/or cloud SIEM technologies as an analyst.
- Ability to support and work across multiple customer and bespoke systems.
- Must be able to pass a CJIS background check process and other background checks to comply with customer contracts.
- Strong documentation (SOP/Standard Operating Procedure) development skills.
- Understanding of ticket flow.
- Strong troubleshooting skills.
- Understanding of how to read inbound and outbound traffic.
- Complete basic safety and security training to meet the customer requirements.
- Ability to work a rotating shift and on-call schedule as required.
- CompTIA Security+ certification or equivalent/higher.
- Selected candidates must be US Citizens.
Candidate Preferred Requirements
Holding one or more of the following industry certifications will be a plus.
- Certified Ethical Hacker (CEH) or equivalent
- Certified Incident Handler (GCIH or ECIH)
- Splunk Power User Certification
- Other certifications, such as CompTIA Network+, any cloud certifications, Devo, Splunk, Azure Sentinel
Qualifying Experience and Attributes
- Experience with one or more SIEMs: Devo, McAfee ESM, Splunk, Azure Sentinel, QRadar, ArcSight, etc.
- Able to use the internet to do research on events of interest.
- Familiar with the cyber kill chain.
- Familiar with Mitre ATT&CK and Mitre D3FEND
- Familiar with common cybersecurity frameworks, regulations, and compliance standards
- Working knowledge of cybersecurity and privacy principles.
- Working knowledge of cyber threats and vulnerabilities.
- Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of incident response and handling methodologies.
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of escalation, incident management and change management processes and procedures of a SOC.
- Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Proficient in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Working knowledge of intrusion response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.