CSOC Tier 2 Analyst
**Immediate Opportunity** **Onsite**

CSEngineering is looking to add a CSOC Tier 2 Analyst to our growing team! As the Cyber Security Operations Center (CSOC) Tier 2 Team Lead, you are responsible for overseeing and managing the activities of the Tier 2 Team in our client's Security Operations Center. Your role involves leading a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment at the Tier 2 level. You play a critical role in analyzing and resolving cyber threats or escalating incidents for Tier 3 response as necessary. Leadership skills, technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role.
JOB RESPONSIBILITIES
- Respond promptly and effectively to security incidents and threats discovered by CSOC Analyst Level I and carry out effective Level II analysis of incidents.
- Remediation of incidents and escalation when necessary to Tier 3 support
- Initial assessment of the scope of the attack and affected systems
- Accurately document cases during investigations and effectively communicate findings to Level I Analyst or escalation team to ensure complete handover of work streams.
- Continuously improve incident management processes through periodic threat hunting exercises, knowledge optimization effort building, and by comprehensive diagnosis and analysis of incident trends.
- Follow the issue tracking, escalation policies and work effectively across all CSOC tiers as the technical competence requires.
- Dedicated monitoring and analysis of cyber security events by use of SOC tools
- Incident Response generation and reporting IAW established procedures.
- Provide Level II technical support in CSOC operations and activities.
- Provide daily/weekly updates on CSOC operations and developments.
- Conduct Forensic analysis and respond to data call activities.
- Generate quality technical reports containing methodologies, findings, and recommendations.
- Work with external stakeholders to understand operational needs and develop effective processes.
- Maintain a current understanding of industry trends, emerging cyber threats, and new solutions which may impact CSOC activities.
- Collaborate with CSOC SME to ensure optimal performance using CSOC technology.
- Identify, reverse engineer, and de-obfuscate digital content related to an incident.
REQUIRED CERTIFICATIONS AND QUALIFICATIONS
- Bachelor's degree in Information Technology, Computer Science, or a related field; or relevant, commensurate work experience.
- 5+ years of experience within a Tier 2 cybersecurity environment; experience in a leadership role is preferred.
- Robust Certification Portfolio including Security+, Network+, CEH, Azure or Cloud Certification, and Splunk Core Certified Power User.
- Ability to work a day or night shift rotational schedule.
- Familiarity with a vulnerability/cyber incident management framework.
- Experience with advanced technologies such as: Splunk SaaS, Splunk Enterprise Security, Splunk SaaS UBA, Crowdstrike, Tenable, Forescout, zScaler, Bigfix, MaaS-360 (IBM MaaS-360), and Encase for forensic investigations, Fireeye, Cortex XSOAR, Cortex XDR, and Prisma-Access.
- Prior HHS experience a plus.
- Must be a US Citizen.
Location: Parklawn Drive, Rockville MD (Onsite)

CSE offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.