Tier 2 Security Operations Center (SOC) Analysts have experience using SIEM technologies to support in-depth investigations and threat hunting activities. Experience with Devo, Splunk, Azure Sentinel, or another SIEM technology is required, as is an understanding of ticket workflow and handling.
location: Remote, New Jersey
job type: Contract
work hours: 8am to 4pm
education: No Degree Required
- 4+ years of Security Operations experience in enterprise environments
- Experience with Devo, McAfee ESM, Splunk, Azure Sentinel, QRadar, ArcSight, or other enterprise SIEM technologies.
- Strong understanding of ticket workflow and handling.
- Demonstrated experience using enterprise and/or cloud SIEM technologies as an analyst.
- Ability to support and work across multiple customer and bespoke systems.
- Strong documentation (SOP/Standard Operating Procedure) development skills.
- Strong troubleshooting skills.
- Understanding of how to read inbound and outbound traffic.
- Completion of basic safety and security training to meet customer requirements.
- Ability to work a rotating shift and on-call schedule as required.
- Certified Ethical Hacker (CEH) or equivalent
- Certified Incident Handler (GCIH or ECIH)
- Splunk Power User Certification
- Other certifications, such as CompTIA Network+, any cloud certification, or Devo, Splunk, or Azure Sentinel certifications
- Able to use the internet to do research on events of interest.
- Familiar with the cyber kill chain.
- Familiar with MITRE ATT&CK and MITRE D3FEND
- Familiar with common cybersecurity frameworks, regulations, and compliance standards
- Working knowledge of cybersecurity and privacy principles.
- Working knowledge of cyber threats and vulnerabilities.
- Working knowledge of intrusion response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
- Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control lists, capability lists).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of incident response and handling methodologies.
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], the Open Systems Interconnection [OSI] model) and of the Information Technology Infrastructure Library (ITIL), current version.
- Knowledge of escalation, incident management and change management processes and procedures of a SOC.
- Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Tier 2 SOC Analysts are also responsible for researching, responding to, and creating tickets within the ticketing system.
- Determining service impact of security events.
- Alerting customers to possible malicious activity.
- Working tickets via ticketing system.
- Creating tickets for various needs of the SOC.
- Research and data collection of events of interest.
- Engaging support of Tier 3 Analysts, Network Operations Center (NOC), Network Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.
- Document and escalate incidents (including event history, status, and potential impact for further action) that may cause ongoing or immediate impact to the environment.
- Receive and analyze security alerts from various sources within the enterprise and determine possible causes of such alerts.
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
- Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
- Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
- Assist in developing cybersecurity recommendations to Tier 3 based on significant threats and vulnerabilities.
- Work security tickets within established SLAs; escalate to the customer or Tier 3, confirm false positives, or contact the customer as needed.
- Provide guidance and mentorship to other SOC personnel.
- Contribute to the creation of process documentation and training materials.
- Experience level: Experienced
- Minimum 4 years of experience
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
For certain assignments, Covid-19 vaccination and/or testing may be required by Randstad's client or applicable federal mandate, subject to approved medical or religious accommodations. Carefully review the job posting for details on vaccine/testing requirements or ask your Randstad representative for more information.