SOC ANALYST TIER 2/3 (Contractor)
<p><span>SOC 2/3 Engineer (Remote Contractor)</span></p>
<p><span>General Duties -</span><br></p>
<p><span>Responsible for investigating security incidents and determining their root causes. They review incidents that have been escalated by Tier 1 analysts, who are responsible for collecting data and reviewing alerts. Tier 2/3 analysts use threat intelligence, such as indicators of compromise, TTPs, and company host system/network data sets, to assess alerts, threats and potential incidents in more depth.</span></p>
<p><span>General Skills -</span><br></p>
<p><span>They have deep experience with SIEM tools, specifically CrowdStrike SIEM, as well as network data, host data, Identity and Access log data, developing SIEM use cases, reducing/tuning false alerts and leading investigations until issues have been resolved. They will also monitor systems and events across different operating systems, such as Windows, macOS, and Linux.</span></p>
<p><span>Specific Requirements -</span><br></p>
<ul>
<li><span>Must have 5+ years recent experience as a Tier 2 or 3 analyst at a large organization; government and Critical Infrastructure company experience preferred.</span></li>
<li><span>Must have strong, demonstrated SIEM and data correlation experience.</span></li>
<li><span>Must have demonstrated experience designing new SOC use cases and working with the vendor on implementing new use cases.</span></li>
<li><span>Must have experience designing and implementing runbooks and use cases to mitigate security incidents.</span></li>
<li><span>Experience designing an Incident Response plan, including alert definition, runbooks, escalation, etc.</span></li>
<li><span>Experience documenting incident response communications for technical and management audiences.</span></li>
<li><span>Must have extensive experience reviewing and managing alerts in Microsoft Defender and Splunk.</span></li>
<li><span>Must have experience conducting hunts across disparate data sets, including host data, vulnerability data, threat data, network data and Active Directory data, among others, to identify threats.</span></li>
<li><span>Experience leading timely security operations response efforts in collaboration with stakeholders.</span></li>
<li><span>Must have experience setting up alert rules and effective alert management.</span></li>
<li><span>Demonstrated ability to create runbooks and conduct investigations with key application, IT Infra and other stakeholders.</span></li>
<li><span>Experience designing custom SOC SIEM use cases in Defender, Splunk and CRWD.</span></li>
<li><span>Experience conducting forensic investigations.</span></li>
<li><span>Strong security operations documentation abilities.</span></li>
</ul>
<p><span>Attributes sought -</span><br></p>
<ul>
<li><span>Must be proactive, a problem solver and curious.</span></li>
<li><span>Must be a problem solver.</span></li>
<li><span>Must be curious.</span></li>
<li><span>Must have analytical, qualitative and quantitative abilities.</span></li>
<li><span>Must be adaptable to a dynamic environment.</span></li>
</ul>
<p><span>**MST or PST shift times**</span></p>