OverviewResponsibilities
An average day:As the SOC Analyst I, you will provide tier I cybersecurity support in a SOC environment by tracking and reporting cyber security threats, events, and incidents. You will be expected to perform threat analysis and investigate security incidents. In the event of an incident, you will identify the source of the incident, determine the scope of the incident, and assess the impact of the incident. You will be responsible for providing initial response and containment measures, as well as escalating incidents to higher tiers if necessary. You will report to the Incident Handler Principle and work closely with other Tier I and Tier II personnel to effectively and efficiently provide optimum service to our customers. Additionally, IN this position you will:
- Use intrusion detection technologies to apply techniques for identifying host and network-based
- Create, update, and resolve incident tickets that have been tasked to Tier I and appropriately document all alerts and incidents in the ticketing
- Create new incident tickets for alerts that signal an incident requiring escalation for Tier 2 review.
- Identify, capture, contain, and report malware to protect networks (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
- Recognize and categorize types of vulnerabilities and associated
- Utilize the SOC standard operating procedures (SOP) to perform daily tasks, resolve incidents and preserve evidence integrity. May provide input for and assist with updating procedures.
- Perform damage assessments, secure network communications, and use security event correlation
- Utilize the SOC checklist when reviewing the latest alerts and events from various SOC sensors to determine relevancy and urgency.
- Review open source and other sources of information to identify events that should be transitioned into the incident response process.
- Under supervision, may manage and configure security monitoring tools (SIEM, IDS, Firewall, Access Control Lists, etc.) to mitigate existing threats and vulnerabilities.
- May assist with the design of incident response for cloud service models.
Qualifications
- As a requirement of this position, all candidates must be a U.S. Citizen. In accordance with 8 U.S.C. 1324b(a)(2)(C) , we will not consider candidates for this position who do not meet the aforementioned conditions.
- Must hold an active DOW Interim Secret or Secret Clearance
- Must hold at least one certification as required by Dept. of War (DoW) 8570.01-M and Department of War Directive 8140.01, IAT Level II or Higher OR have the ability to obtain within 6 months of hire.
- Must hold at least one of the following certifications or have the ability to obtain within 6 months of hire: CompTIA CySA+, EC-Council CEH, GIAC GCIA, Microsoft AZ 900, Palo Alto Networks PCCET, or Splunk Core Certified Advanced Power User
- Must have a minimum of one (1) year of professional experience in networking, UNIX/Linux system administration, software engineering, or software development.
- Will accept a bachelors degree in computer science, engineering, information technology, cybersecurity, or related field in place of the 1 year of experience.
- Knowledge of or experience with some of the following:
- Computer networking concepts, OSI model, and network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services, and network security
- Host/network access control mechanisms (e.g., access control list, capabilities lists).
- Network traffic analysis methods an packet-level
- Cyber threats and vulnerabilities; cyber-attack stages, classes of attacks and attackers; cyber defense and information security policies, procedures, and
- Incident response and handling methodologies, incident categories, and timelines for
- Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Malware analysis concepts and methodologies.
- System administration, network, and operating system hardening techniques as well as data backup and
- Proficient in at least one programming language.
- Working understanding of computer forensic techniques and methodologies.
- This team operates in a 24/7 shift environment. The SOC Analyst I will provide support Monday - Thursday, 6:45am - 5:15pm PST.
Pay Transparency StatementAMERICAN SYSTEMS is committed to pay transparency for our applicants and employee-owners. The salary range for this position is USD $38.72/Hr. - USD $40/Hr. Actual compensation will be determined based on several factors permitted by law. AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.