Tier 1 Onsite Security Operations Center - Annapolis, United States - Arcetyp LLC


    Arcetyp LLC is a growing small business that provides a broad range of consulting services to US Federal Government, US Military, and Commercial clients.

    Services include Management & IT Consulting, Program & Project Management, and Professional & Admin Services.

    We are recruiting to fill a position to lead business development activities for a small government contracting firm focused on IT Services and Cyber Security for clients in Civil and DoD markets.

    We accept direct hire candidates only, W2 employee hires.

    We do not accept 1099 independent consultants.

    We do not accept staffing firms. We do not accept corp-to-corp (C2C) candidates. We can't sponsor H1B.


    Arcetyp LLC is looking for a Tier 1 Onsite Security Operations Center (SOC) Analyst to work full time on a day shift, onsite in Crownsville, MD.


    ESSENTIAL JOB FUNCTIONS:
    Security Operations Center (SOC) Day-Shift Analyst, applying hands-on experience monitoring, detecting, and analyzing threats and cybersecurity events to identify and defend against validated intrusion events.

    Daily work includes monitoring network and system security events, conducting threat hunting through event data and activity logs, developing alarms for suspicious or malicious activity, escalating alerts to clients, and preparing reports to summarize detected activities.

    The SOC Analyst executes and helps to create operational processes for consistent monitoring of client environments and should be familiar with a variety of security tools and technologies.

    The SOC Analyst additionally works to support the Incident Response Team by conducting monitoring and analysis during incident


    DUTIES AND RESPONSIBILITIES:
    Monitor, protect, and defend the enterprise perimeter against malicious network traffic.
    Monitor, protect, and defend internal networks and hosts against ongoing and emerging threats.
    Enrich monitoring logs with contextual operational data from functional areas, correlate events, and identify security issues, threats, and vulnerabilities.
    Conduct security event analysis and validation, triage validated incidents, perform initial containment where feasible, research the incident and enrich incident case documentation, and escalate the incident for further analysis, containment, and eradication.
    Review and analyze threat intelligence information and proactively search application, system, and network logs to hunt for and thwart identified threats.
    Prepare and perform shift handover briefings to communicate completed and pending activities and relay situational awareness information.
    Contribute to the development and maintenance of SOC Standard Operating Procedures (SOPs) and Concept of Operations (CONOPS) to establish and continuously improve the organization's operating knowledge base.
    Participate in post-incident activities and contribute to lessons learned to improve security operations.
    Provide support in the preparation of management threat reports, briefings, and recommendations.
    Provide sound technical recommendations that enable remediation of security issues.
    Partner with security engineering to develop and refine SIEM correlation rules.
    Utilize advanced threat models, SIEM use cases, and incident response playbooks.


    REQUIRED SKILLS AND QUALIFICATIONS:
    Bachelor's degree from an accredited college or university with a major in computer science, information systems, engineering, business, or a related scientific or technical discipline.
    US Citizen.
    CompTIA CySA+ certification, or a CompTIA Security+ (or other relevant IAT Level II/III certification) along with one of the following: CEH, CFR, CCNA Cyber Ops, CCNA-Security, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+.
    Experience analyzing intrusion events such as phishing emails, malware, privilege misuse, traffic indicating potentially malicious activity such as DoS/DDoS and brute force, and data loss through exfiltration or inadvertent disclosure.
    Applied experience with threat analysis models/frameworks such as the Cyber Kill Chain, MITRE ATT&CK, the Diamond Model, and the Pyramid of Pain.
    Working knowledge of advanced threat Tactics, Techniques, and Procedures (TTPs).
    Applied experience with network traffic analysis using tools like Wireshark.
    Applied experience with a variety of open-source threat research tools/platforms such as VirusTotal.
    Working knowledge of network and security architecture principles such as defense-in-depth.
    Experience with proprietary security protection/detection tools such as firewalls, host and network IDS/IPS, anti-virus, EDR, URL filtering gateways, email filtering gateways, DLP tools, and SIEM tools such as Splunk.
    Capable of working independently, establishing priorities, and managing task completion within set SLAs.


    DESIRED SKILLS AND QUALIFICATIONS:
    Experience with mid-to-advanced level malware analysis.
    Experience creating detailed queries and scripts, such as regular expressions, for log, event, and correlation analysis.
    Experience scripting in Python, PowerShell, or VBScript.


    COMPENSATION:
    Pay and benefits information for this position will be provided to interested candidates that apply.

    Arcetyp is an Equal Opportunity Employer, and we highly value the diversity of our workforce.

    We accept resumes from all interested parties and consider applicants for all positions without regard to race, color, religion, sex, national origin, age, marital status, sexual preference, personal appearance, family responsibility, the presence of a non-job-related medical condition or physical disability, matriculation, political affiliation, veteran status, or any other legally protected status.
