US
0 suggestions are available, use up and down arrow to navigate them
Security Operations Center (SOC) Anal...

Apply to this job.

Think you're the perfect candidate?

Security Operations Center (SOC) Analyst, Senior with Security Clearance

EverWatch Annapolis Junction, MD (Onsite) Full-Time
Job Title Security Operations Center (SOC) Analyst, Senior Overview EverWatch is a government solutions company providing advanced defense, intelligence, and deployed support to our country's most critical missions.
We are a full-service government solutions company.
Harnessing the most advanced technology and solutions, we strengthen defenses and control environments to preserve continuity and ensure mission success.
EverWatch is an Equal Opportunity/Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age (40 or older), disability, genetic information, citizenship or immigration status, and veteran status or any other factor prohibited by applicable law.
EverWatch employees are focused on tackling the most difficult challenges of the US Government.
We offer the best salaries and benefits packages in our industry - to identify and retain the top talent in support of our critical mission objectives.
Responsibilities We are looking for an experienced Security Operations Center (SOC) Tier II Analyst to improve monitoring strategies and analyze threats to safeguard infrastructure supporting global missions focused on seeking out and eliminating cyberspace threats to defend the United States and its Allies.
You will guide the team on best practices and security measures.
You'll configure defense tools, create reports, and dashboards and build custom queries.
You will make recommendations to leadership on best practices to harden infrastructure and improve alerting.
You'll lead incident response and remedy potential incidents escalated from Tier 1 SOC Analysts.
You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact.
You will guide efforts to assess how many systems are affected and assist recovery efforts.
You'll combine threat intelligence, event data, and assessments from recent events to identify patterns and provide mitigation techniques and strategies.
Finally, you will apply knowledge of attacker techniques to uncover threats by analyzing log data, and building and tuning detections.
Qualifications Qualifications:
• 6+ years of experience in modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
• Experience with writing detections within SIEM solutions, including Splunk, ArcSight, ElasticSearch, or Azure Sentinel
• Experience with Intrusion Detection System or Intrusion Prevention System (IDS/IPS) monitoring
• Knowledge of the basic functions and configurations of Bro or Zeek
• Knowledge of OS internals, including Windows, Linux, or Mac
• Knowledge of common security threats and vulnerabilities
• Ability to perform Nessus scans and review results, firewall configurations, and Linux hosts for indicators of compromise and hardening of Linux systems
• TS/SCI clearance with a polygraph
• Bachelor's degree
• IAT Level II Certifications Nice If You Have:
• Experience in creating and debugging Splunk Dashboards and creating Snort rules
• Experience with security subjects and trends, including digital forensics, reverse engineering, and penetration testing
• Experience with security principles in virtual and hosting software, including MISP, HIVE, CORTEX, WikiJS, VPN, and SecurityOnion
• Experience with leading teams in a technical capacity
• Experience with leveraging common scripting languages, including PowerShell or Python to parse logs and automate repeatable tasks
• Ability to use Splunk to hunt for indicators of compromise, create Splunk Dashboards, and review logs
• Ability to code or script using any language
• Ability to partner and collaborate with teams, both internal and external, including developers, vendors, analysts, tech leads, and project managers
• DOD 8570 CSSP Analyst Certification
• GCIA, GSLC, GCIH, CISM, CISSP, or- CEH Certifications Clearance Level TS/SCI polygraph Job Locations US-MD-Annapolis Junction Skills SIEM, Intrusion Detection

Recommended Skills

  • Anomaly Detection
  • Apache Hive
  • Assessments
  • Automation
  • Certified Information Security Manager
  • Certified Information Systems Security Professional

Apply to this job.

Think you're the perfect candidate?

Help us improve CareerBuilder by providing feedback about this job: Report this job

Job ID: 8340_8030624

CareerBuilder TIP

For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using CareerBuilder you are agreeing to comply with and be subject to the CareerBuilder Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.