| Location | Santa Ana, CA |
| Date Posted | February 29, 2020 |
- 3-5 years of SOC Analyst experience (technical lead)
- Knowledge of LogRhythm
- Security certification or CISSP
- Work in a 24/7 environment
This position will be responsible for Cyber Intelligence and Vulnerability Assessment for the 24/7 Security Operations Center (SOC). The candidate must have a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field and at least 5 years’ experience including experience in collecting, synthesizing, fusing, or authoring unclassified and classified cyber threat intelligence products as well as experience in vulnerability assessment and penetration testing.
Job Specific Responsibilities:
- Develop moderately complex security designs and test plans using existing technology.
- Perform and document root cause analysis for security incidents.
- Perform and document vulnerability analyses.
- Develop cyber security analytics and threat intelligence using multiple data sources provided to the Security Information and Event Management (SIEM) system.
- Work closely with the CISO to identify and recommend process and system improvements to the security program.
- Create relevant documentation and recommendations for changes to the current security architecture.
- Drive the capabilities and execution to effectively optimize and improve enterprise security.
- Demonstrate expert level knowledge of security services and implementations.
- Investigate, positively identify, and document anomalous events and incidents that are escalated by Tier 1 engineers.
- Document and escalate appropriate events and incidents to Tier 3 engineers.
- Examine cyber adversary techniques in order to develop defensive methodologies.
- Conduct risk analysis and convert it into actionable monitoring recommendations to be conducted by the SOC.
- Conduct vulnerability assessments and recommend remediation and mitigation strategies and implementations to ensure effective achievement of the organizational objectives.
- Provide support for security incidents throughout the incident lifecycle as needed and make recommendations to ensure enterprise infrastructure is protected.
- Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
- Work with the CISO to develop a metrics program to report on overall SOC performance and effectiveness.
REQUIRED QUALIFICATIONS & EXPERIENCE
- Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field and a minimum of five years of experience in Cyber Security.
- Must be able to meet all Law & Justice and departmental clearance requirements prior to starting work and be eligible to pass law enforcement level background investigations and obtain U.S. SECRET (or similar) clearances as required.
- Demonstrated experience with Cyber Intelligence & Vulnerability Assessment, including expert experience in at least two of the following areas:
  (a) Vulnerability Assessment;
  (b) Intrusion Prevention and Detection;
  (c) Access Control and Authorization;
  (d) Policy Enforcement;
  (e) Application Security;
  (f) Protocol Analysis;
  (g) Firewall Management;
  (h) Incident Response;
  (i) Advanced Threat Protection.
- Security+ and/or CySA+, plus CCNA certification.
- Experience with Nessus vulnerability scanning.
- Experience with Security Information and Event Management Tools (LogRhythm).
- Experience with vulnerability assessment tools (Nessus).
- Experience writing moderately complex scripts.
- Understanding of networking concepts and technologies including TCP/IP, Routing, Switching, NAT, OSI Model, etc.
- Ability to manage multiple projects and multiple deadlines in an organized fashion.
- Understanding of advanced data analysis and management concepts.
- Technical writing abilities to author technical and management risk reports.
DESIRED QUALIFICATIONS & EXPERIENCE
- Certified Information Systems Security Professional (CISSP)
- SANS/GIAC certifications
- Cisco WLAN certification
- Experience in Information Assurance Policy and Guidelines
- NIST Special Publication 800-53
- NIST Cybersecurity Framework
- ITIL Foundation Level or higher Certification