W@tchTower ® is a modern SOC company powered by W@tchTower technology. We provide products, professional services, and MSSP services to empower our customers to build organized, automated, orchestrated and cost-effective security operations capabilities. We are a modern company that is employee and family focused. We provide an open, inclusive environment, opportunities for leadership and growth, employee-driven flexible work hours and work weeks, and very rich employee benefits. At W@tchTower ®, employees have access to the most state-of-the-art detection and SOAR technology in the industry and connection to innovative, cutting-edge projects.
We are currently seeking strong technical candidates for a SOC Analyst position on site in West Virginia. The ideal candidate has commercial and/or government industry experience implementing incident response and security monitoring and detection, a solid understanding of current cyber security threats and vulnerabilities, and the drive to be a technical leader. Candidates should also have experience in threat analysis and hunting, experience with Python, experience with multiple SIEMs (including Splunk ES or others), and familiarity with SOC analyst detection workflows.
At W@tchTower ® we pride ourselves on being lifelong learners, dedicated to high technical standards. Whether through internal sharing of technical skills, formal education, or training, we promote continuous learning for all W@tchTower ® employees.
Senior SOC Analyst
Requirement: Must be a U.S. Citizen and be able to pass a government or commercial background check
Location: West Virginia
Salary: Commensurate with experience
· Bachelor's Degree in Computer Science or Information Systems or a related field or equivalent work experience
· At least 5+ years of IT/network experience and 3+ years of information security experience
· The ability to communicate and work with clients
· Strong Python scripting skills
· Splunk Content Development
· Splunk Certified Administrator certification preferred
· Hands-on Splunk ES experience with content development, feed ingestion, and workflow development
· Splunk ES content tuning and configuration of services, use case development, etc.
· Strong writing and presentation skills
· Strong incident response skills, from detection of incidents to running and coordinating large incident responses
· Able to use and create dynamic playbooks that bring consistency and functionality to cyber response execution
· Broad knowledge of network and system security vulnerabilities, exploits and campaigns
· Basic knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence and coordinate a unified security response
· Demonstrated ability to work across functional boundaries, build consensus and drive results
· Ethical hacking and penetration testing
· Security Information and Event Management (SIEM)
· Experience in Enterprise Operations
· Experience supporting a 24x7 SOC
· Understanding of the kill chain, IOCs and TTPs
· Understanding of the MITRE ATT&CK matrix
· Network+, Security+, CCNA Security, CISSP, GIAC, Linux+
· Participating in team collaboration
· Participate in all aspects of Security Operations work
· Design workflows that empower the SOC to respond to complex attacks by automating repetitive steps, allowing analysts to focus on more strategic tasks
· Assist in the development and maintenance of an incident response playbook detailing workflows for responding to various classes of cyber incidents
· Architect the collection of statistics throughout the playbooks and processes to allow for metrics development, reporting, and dashboarding
· Participate in the response to cyber incidents by gathering data and artifacts relevant to the event
· Develop Python scripts to support SOC automation
Job Type: Full-time