SOC Analyst III - Columbia, United States - TEKsystems

Description

Job Description

Top Skills' Details

1. Incident Handling or Incident Response experience
2. SOC monitoring experience
3. Proactive Threat Hunting Experience

**A Large Differentiator would be Centralized Log management experience**

Job Description

TEKsystems conversation:
Our Client is looking for a SOC Analyst Tier 3. Currently they have their GRC team covering SOC duties on a day to day basis. They are bringing on a Tier 1 and a Tier 2 analyst directly and have asked for support to bring on this tier 3 analyst. This role on a day to day will be monitoring alerts, proactive threat hunting, and improving security gaps within the department. 50% of the time will be spent improving security gaps (current gaps include baseline, firewall deployments, log filtering, etc). 25% of the time will be spent doing proactive threat hunting. The other 25% will be more miscellaneous tasks.

This role requires that someone has experience with Centralized Log Management experience (CLM) - HHS uses Snare but they are open to any CLM tool
Compliance: MARS-E and HIPPA

They need someone who is a team player and someone that is coachable. However at the same time they need to be able to coach others

Customers Position Description:
The Security Analyst is a hands-on role within the Office of Information Assurance (OIA) that will play an integral role in the active defense of the systems and networks here..

The Security Analyst will support the establishment, implementation and/or enhancement of Information Systems' Security and Compliance efforts based on Federal, State and Agency Policy/Standards. The Security Analyst must have foundational technical knowledge of IT systems' security, network security and administrative tasks, be a strong oral and written communicator, and be eager to interact with SCDHHS technical staff, business unit representatives, stakeholders and vendors.

The SCDHHS Office of Information Assurance (OIA) is tasked with performing ongoing enterprise cybersecurity threat monitoring and incident response capabilities. A strong candidate for this position should possess experience or knowledge in the following:

• Cyber Threat Response and Incident Handling

• Cyber Security Operations

• Penetration Testing

• Network Security

DAILY DUTIES / RESPONSIBILITIES:
The Security Analyst is primarily responsible for assessing and evaluating the organization's information & cyber security solutions and processes, as well as providing technical advisory to influence the design and implementation of security information technology systems and networks. The Security Analyst will guide junior analyst (Security Analyst I and II) to identify and address risks, and lead the response to information security issues.

Candidates should be self-starters, creative problem solvers and have an eagerness to implement tactics, techniques and procedures which make the most effective use of Agency staff, resources, products and technologies quickly.

Technical Knowledge:
-Understanding of information technology and security concepts.
-Experience or knowledge of operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMWare), cloud computing, networks, hardware and software
platforms, and protocols as they relate to information security.
-Experience or knowledge in performing vulnerability assessments, including scanning, analysis of results, and manual validation.
-Experience with secure networking technologies such as network firewalls and IDS/IPS technologies, Network Security Monitoring expertise, and Security
Information and Event Management (SIEM) systems.
-Experience in information security incident response and risk management.
-Experience managing and responding to information security risks, threats and incidents.
-Threat and vulnerability management; awareness of current threats to confidentiality, integrity, and availability of data and controls to mitigate threats
-Strong working knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls (e.g., Centers for Medicaid and
Medicare (CMS) MARS-E 2.0, National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), and
Federal Risk and Authorization Management Program (FedRAMP).
-Experience or knowledge with development and integration of RMF tasks and artifacts into the System Development Life Cycle (SDLC) is ideal.
-Experience or knowledge in security as related to multi-tenant, cloud services and vendor interface management would be considered desirable for this position.
-Working knowledge of TCP/IP and the functioning of its component protocols, ability to read, and analyze, using various toolsets such as tcpdump, wireshark,
etc; how they work and what information they produce will be benificial in this role.
-Understanding of basic defense-in-depth principles such as and secure system configuration, network segmentation and malicious code protection is a plus.

Information Systems' Security Experience:
-Experience in operating and contributing to a security operations center responding to alerts and anomalies, creating and interpreting dashboards and triaging
cross-functional teams is preferred.
-Hands-on experience in the secure implementation, operation and on-going maintenance of computer systems, software, hardware and networks is preferred.

General Duties and Responsibilities:
1. Assist in the day-to-day duties of SOC monitoring activities, tools and processes
2. Provide hands-on support of OIA systems and software
3. Conduct threat hunts (specialized searches) for evidence of compromise
4. Monitor security technologies for alerts
5. Investigating incidents, gathering evidence, and analyzing data
6. Analyze anomalous activity and potential threats to Agency connected resources
7. Collaborate with OIA Staff and other agency staff, leadership, business partners and other parties/stakeholders to support security and compliance risk
mitigation efforts
8. Other duties as assigned

Notes about Team:

This is a great opportunity for someone who is looking for mentoring experience, this role will provide the opportunity to mentor the SOC 1 & SOC 2 employees. This role will make a large impact on citizens for the State of SC as this will be preventing incidents that may impact in leaking or breach of medical data and personal information. This would be a great opportunity for someone who is looking to get their foot in the door with state government as well.

Business casual/sometimes more informal. This is a family friendly time environment, it is a smaller team. There are about 15-20 individuals in this space from ISSO's, SOC analysts, to compliance analysts. Management is not micromanaging their employees, management is more along the line of coaching their employees and assisting where support is needed. This is a fun group of people