Security Operations Center Analyst SME (Level 3)
The Security Operations Center (SOC) Analyst will support the following areas: incident response, monitoring and detection, and cyber intelligence analysis. The selected candidate will work in Washington, DC and must be willing to travel to other locations as duties and customers require.
- Monitor logs, review alerts, and identify and escalate incidents that require higher-level support.
- Assess the latest security alerts to determine implications and urgency.
- Collaborate with other teams to assess risk and develop improvement strategies for security posture.
- Run vulnerability scans and review vulnerability assessment reports.
- Create and track security investigations to resolution.
- Stay up-to-date with current vulnerabilities, attacks, and countermeasures.
- Anticipate program challenges and risk scenarios and prepare, lead, and execute proactive response strategies to ensure optimal results.
- Develop and deliver internal and client-facing program reviews, status reports, performance reports and other communications.
- Lead technical meetings and workgroup sessions with relevant SMEs.
- The selectee will be expected to perform additional job duties as needed to support the customer and our company.
Qualifications of a Level 3 SOC Analyst SME:
- Demonstrates excellent communication with peers, direct management, and other employees outside the SOC, including C-level management. Ability to write good documentation. Capable of speaking and presenting to large groups.
- Can identify patterns and trends during analysis and model an approach.
- Ability to monitor for potential compromise, intrusion, deficiency, significant events or threats to the security posture and security baseline. Ability to follow intrusion and escalation process.
- Demonstrates the ability to use tools like Wireshark and tcpdump to conduct deep packet analysis.
- Knowledge of the following: NIST 800 series, CSF, FedRAMP, CIS Controls, Cyber Kill Chain, MITRE ATT&CK, etc.
- Great understanding of what Linux is and familiarity with where and how it is used.
- Excellent understanding of Windows events and normal processes. Experience using the Windows CLI (command prompt), PowerShell, batch files, etc.
- Advanced knowledge of TCP/IP protocols.
- Excellent use of two or more of the following scripting languages: JavaScript, Python, PHP, Perl, etc.
- Excellent understanding of how to conduct threat research and gather information on IOCs while keeping up to date on the latest cybersecurity news and APT activity, and leveraging this information to improve the SOC's security posture.
- Hands on experience writing, testing, and tuning signatures for IDS/IPS.
- Minimum requirements: Master’s or Bachelor’s degree, preferably in IT, plus at least six years of related experience, including three or more years with SIEM.
- Knowledge required: strong understanding of basic computer science and IT operations; strong understanding of cybersecurity and security operations concepts.
- Must have an active Public Trust clearance.
- Must be a U.S. citizen.
Nice to Haves:
- Preferred Certifications: CISSP, GCIH, GCED, GCIA, OSCP, CEH, CISM
- Previous Federal Government experience
- Experience with Agile methodologies
- Strong ability to foster collaborative work in a dynamic team environment
For this contract position, M Powered Strategies is working in partnership with ConQuest Federal, a wholly owned subsidiary of United Data Technologies. Our companies form one team committed to supporting IT services at the Federal Retirement Thrift Investment Board, a small federal agency that administers Thrift Savings Plans for government employees. Together, our team boasts a combination of technical expertise and change management capabilities that empower our clients to implement innovative solutions that advance their mission objectives and improve their cybersecurity posture. We are looking for candidates with this “one team” mindset who will dedicate themselves and their expertise to best serve our client.