SOC ANALYST TIER 2/3 (Contractor)
SOC 2/3 Engineer (Remote Contractor):
General Duties -
Responsible for investigating security incidents and determining their root causes. They review incidents that have been escalated by Tier 1 analysts, who are responsible for collecting data and reviewing alerts. Tier 2/3 analysts use threat intelligence, such as indicators of compromise, TTPs, and company host system/network data sets to assess the alerts, threats and potential incidents in more depth.
General Skills -
They have deep experience with SIEM tools specifically Crowdstrike SIEM, network data, host data, Identity and Access log data, developing SIEM use cases, reducing/tuning false alerts and leading investigations until issues have been resolved. They will also monitor systems and events across different operating systems, such as Windows, macOS, and Linux.
Specific Requirements -
- Must have 5+ years recent experience as Tier 2 or 3 analyst at a large organization; government and Critical Infrastructure company preferred.
- Must have strong, demonstrated SIEM and data correlation experience
- Must have demonstrated experience designing new SOC use cases and working with vendor on implementing new use cases.
- Must have experience designing and implementing runbooks and use cases to mitigate security incidents
- Experience designing Incident Response plan, including alert definition, runbooks, escalation, etc..
- Experience documenting incident response communications for technical and management audiences
- Must have extensive experience reviewing and managing alerts in Microsoft Defender, Splunk
- Must have experience conducting hunts across disparate data sets, to include host data, vulnerability data, threat data, network data, active directory data, among others to identify threats
- Experience leading timely security operations response efforts in collaboration with stakeholders
- Must have experience setting up alert rules and effective alert management
- Demonstrated ability to create runbooks and conducting investigations with key application, IT Infra and other stakeholders
- Experience designing custom SOC SIEM use cases in Defender, Splunk and CRWD
- Experience conducting forensic work investigations
- Strong security operations documentation abilities
Attributes sought -
- Must be proactive, problem solver and curious.
- Most be a problem solver
- Must be curious
- Must be analytical, qualitative and quantitative abilities
- Must be adaptive to dynamic environment
**MST or PST shift times**