SOC Lead Analyst

Location: Santa Ana, CA
Date Posted: 11-02-2018
All qualified resumes will be responded to within 24 hours.
This position will be responsible for leading the monitoring staff of the 24/7 Security Operations Center (SOC). The candidate must have five years of SOC experience, including three years as a supervisor managing a 24/7 SOC. In addition, they will have a minimum of three years of professional experience in cybersecurity, information risk management, or information systems risk assessment, and must be knowledgeable in vulnerability assessments, intrusion prevention and detection, access control and authorization, policy enforcement, application security, protocol analysis, firewall management, incident response, data loss prevention, encryption, two‐factor authentication, web‐filtering, and advanced threat protection. The position also involves developing and briefing various SOC performance reports, conducting and making recommendations on vulnerability assessments, and technical management of security incidents.

Job Specific Responsibilities:
· Provide technical oversight and supervision to 24/7 SOC staff (including creation of shift schedules).
· Lead a Computer Incident Response Team.
· Develop moderately complex security designs and test plans using existing technology.
· Review and maintain shift change logs.
· Develop cyber security analytics and threat intelligence using multiple data sources provided to the Security Information and Event Management (SIEM) system.
· Work closely with the SAIC CISO to identify and recommend process and system improvements to the security program.
· Create relevant documentation and recommendations for changes to the current security architecture.
· Drive the capabilities and execution to effectively optimize and improve enterprise security.
· Demonstrate expert level knowledge of security services and implementations.
· Investigate, positively identify, and document anomalous events and incidents that are escalated by Tier 1 engineers.
· Document and escalate appropriate events and incidents to Tier 3 engineers.
· Examine cyber adversary techniques in order to develop defensive methodologies.
· Conduct risk analysis and convert it into actionable monitoring recommendations to be conducted by the SOC.
· Recommend remediation and mitigation strategies and implementations based on the results of vulnerability assessments, to ensure effective achievement of the organizational objectives.
· Provide support for security incidents throughout the incident lifecycle as needed and make recommendations to ensure enterprise infrastructure is protected.
· Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
· Work with the SAIC CISO to develop a metrics program to report on overall SOC performance and effectiveness.

VENDORS/TOOLS/MANAGEMENT SYSTEMS
· Wireshark
Security Operations Center - Cyber Security – SOC Lead Analyst – Job Description
· LogRhythm
· ServiceNow
· Keylight
· Nessus
· Microsoft Exchange Online Protection
· Sourcefire
· Blue Coat
· Zscaler
· McAfee Data Loss Prevention

REQUIRED QUALIFICATIONS & EXPERIENCE
· Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity or a related field and a minimum of five years of experience in Cyber Security, with at least three of them in a SOC environment.
· Must be able to meet all Law & Justice and departmental clearance requirements prior to starting work and be eligible to pass law enforcement level background investigations and obtain U.S. SECRET (or similar) clearances as required.
· Demonstrated experience in team leadership.
· Demonstrated experience with Cyber Security Monitoring and Detection, including expert experience in at least two of the following areas: (a) Vulnerability Assessment; (b) Intrusion Prevention and Detection; (c) Access Control and Authorization; (d) Policy Enforcement; (e) Application Security; (f) Protocol Analysis; (g) Firewall Management; (h) Incident Response; (i) Encryption; (j) Web‐filtering; (k) Advanced Threat Protection.

KEY REQUIREMENTS
· Security+ and/or CySA, plus CCNA Certification.
· Experience with intrusion detection sensors.
· Experience with Security Assessment Tools (Nessus) and Security Information and Event Management Tools (LogRhythm).
· Experience with Forensics Analysis.
· Scripting experience.
· Understanding of networking concepts and technologies including TCP/IP, Routing, Switching, NAT, OSI Model, etc.
· Ability to manage multiple projects and multiple deadlines in an organized fashion.
· Understanding of advanced data analysis and management concepts.
· Technical writing abilities to author technical and management risk reports.

DESIRED QUALIFICATIONS & EXPERIENCE
· Certified Information Systems Security Professional (CISSP)
· Experience in Information Assurance Policy and Guidelines
· NIST Special Publication 800-53
· NIST Cybersecurity Framework
· ITIL® Foundation Level or higher Certification