Candidate Requirements
Candidate should have strong communication skills, both written and verbal, and be comfortable communicating with teammates, customer technical personnel, Leads and Managers.
The preferred candidate is REQUIRED to have:
- Three (3) to five (5) years of Security Incident Response, Security Operations Center, and/or threat analysis experience.
- Demonstrated experience using enterprise and/or cloud security SIEM technologies as an analyst.
- Ability to support and work across multiple customer and bespoke systems.
- Must be able to pass a CJIS background check process and other background checks to comply with customer contracts.
- Strong documentation (SOP/Standard Operating Procedure) development skills.
- Understanding of Ticket Flow.
- Strong troubleshooting skills.
- Understanding of how to read inbound and outbound traffic.
- Complete basic safety and security training to meet the customer requirements.
- Ability to work a rotating shift and on-call schedule as required.
- CompTIA Security+ certification or equivalent/higher.
- Selected candidates must be US Citizens.
Candidate Preferred Requirements
Holding one or more of the following industry certifications will be a plus.
- Certified Ethical Hacker (CEH) or equivalent
- Certified Incident Handler (GCIH or ECIH)
- Splunk Power User Certification
- Other certifications, such as CompTIA Network+, any cloud certifications, Devo, Splunk, Azure Sentinel
Qualifying Experience and Attributes
- Experience with one or more SIEMs: Devo, McAfee ESM, Splunk, Azure Sentinel, QRadar, ArcSight, etc.
- Able to use the internet to do research on events of interest.
- Familiar with the cyber kill chain.
- Familiar with MITRE ATT&CK and MITRE D3FEND.
- Familiar with common cybersecurity frameworks, regulations, and compliance standards.
- Working knowledge of cybersecurity and privacy principles.
- Working knowledge of cyber threats and vulnerabilities.
- Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of incident response and handling methodologies.
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of escalation, incident management and change management processes and procedures of a SOC.
- Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Proficient in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Working knowledge of intrusion response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.