
SOC Analyst III
Vienna, VA


Job Description

* SAIC is currently seeking candidates for a Sr. Cyber Security Threat Hunter - Tier III SOC Analyst, supporting one of our federal customers.
* This is an exciting opportunity to be part of a key team of cyber security professionals here at SAIC, supporting full life cycle cyber security operations for our customer.
* We are seeking an individual that can bring security analysis and incident response experience to support daily operations and help grow and mature our current SOC environment.
* As a Cyber Threat Hunter you will be responsible for participating in threat actor based investigations, creating new detection methodologies, and providing expert support to incident response and monitoring functions.
* The focus of the Threat Hunter is to detect, disrupt, and eradicate threat actors from enterprise networks.
* To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.
* You will also directly support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response.

Responsibilities:

* General SIEM monitoring, analysis, content development, and maintenance
* Research, analysis, and response for alerts; including log retrieval and documentation
* Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
* Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
* Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management
* Track threat actors and associated tactics, techniques, and procedures (TTPs)
* Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors
* Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs
* Analyze malicious campaigns and evaluate effectiveness of security technologies
* Develop advanced queries and alerts to detect adversary actions
* Coordinate threat hunting activities across the network, leveraging intelligence from multiple internal and external sources as well as cutting-edge security technologies
* Design and build custom tools for investigations, hunting, and research
* Assist in the design, evaluation, and implementation of new security technologies
* Lead response and investigation efforts into advanced/targeted attacks
* Hunt for and identify threat actor groups and their techniques, tools and processes
* Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
* Provide expert analytic investigative support of large scale and complex security incidents
* Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
* Continuously improve processes for use across multiple detection sets for more efficient Security Operations
* Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
* Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
* Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
* A passion for research, and uncovering the unknown about internet threats and threat actors
* Ensure the SOC analyst team is providing excellent customer service and support

Qualifications

Required Qualifications:

* 9+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a SOC
* 3+ years' experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk or similar tools, and malware triage
* Experience creating automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior
* Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards, and report building
* Strong analytical and investigation skills
* Experience with active threat hunting and adversary tracking
* Working knowledge of security architectures and devices
* Working knowledge of threat intelligence consumption and management
* Working knowledge of root causes of malware infections and proactive mitigation
* Working knowledge of lateral movement, footholds, and data exfiltration techniques
* Experience with Netflow or PCAP analysis
* Track record of creative problem solving, and the desire to create and build new processes
* Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions
* Ability to convert intelligence into actionable mitigation and technical control recommendations
* Experience with the Windows file system and registry functions or *NIX operating systems and command line tools
* Knowledge of the underlying logic that security alerts are built upon, and the ability to apply it when analyzing raw logs and creating new dashboards and alerts
* Knowledge of typical behaviors of both malware and threat actors, and of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
* Experience working in fast-paced environments, and the ability to manage workload even during times of stress or escalated activity
* Comfortable with impromptu tasking and loosely defined requirements
* Strong time management and multitasking skills as well as attention to detail
* Strong collaborative skills and proven ability to work in a diverse team of security professionals
* Excellent oral and written communications skills

Preferred Qualifications:

* Experience with one or more scripting languages (e.g., Python, JavaScript, Perl)
* Ability to perform memory analysis
* Ability to perform malware analysis
* Experience with computer exploitation methodologies
* Experience as a government contractor
* CISSP or GCIA/GCIH

Education Requirement:

* Bachelor's degree or higher in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, Information Systems, etc., or 9+ years of relevant experience in lieu of a degree

Clearance Requirement:

* Ability to obtain a Public Trust Clearance

Overview

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong, driven by mission, united by purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability
