SOC Mid-Level Analyst

ECS is seeking a SOC Mid-Level Analyst to work remotely.

ECS is seeking a Mid-Level SOC Analyst with demonstrated experience supporting the development of processes, procedures, and automations to rapidly ingest, aggregate, correlate, normalize, and analyze event messages to rapidly and assuredly identify and respond to Indicators of Compromise (IoC). The ideal candidate is a critical thinker and perpetual learner who is excited to solve some of our clients’ toughest challenges. To be successful the candidate must have experience working in a mature 24x7x365 Security Operation Center.

Shift schedule: Fri-Mon, 3:00PM – 1:00AM ET (subject to change)

Responsibilities include:

• Continuously monitors SIEM and on-premises infrastructure/cloud applications for security events to threats & intrusions, including:
• SIEM alert queue
• Phishing email inbox
• Intel feeds via email and other sources (i.e., US-CERT, MS-ISAC)
• Incident ticketing queue
• Participates with responding to and handling all critical incident activity. Ensure the execution of proper containment, remediation, and recovery activities.
• Assesses and documents lessons learned as part of post-incident review, such as unsuccessful controls, outdated procedures, or incomplete remediation actions.
• Coordinates with SIEM engineering to tune security events and alerts for improving alert fidelity. 
• Assists with creating and tuning Security Orchestration and Automation (SOAR) playbooks and automated workflows. 
• Performs proactive threat hunting to identify and characterize new emerging threats, vulnerabilities, and risks.
• Works closely with Cyber Threat Intel to provide information on detection patterns for new upcoming threats
• Compiles threat hunt reports as requested on any specific hunt/threat inquiry and disseminate to SOC leadership.

Conducts research and document events of interest within the scope of Cyber Security.

Salary Range: $120,000 – $145,000

General Description of Benefits

• Minimum of 3 years experience conducting analysis of log data in support of intrusion analysis or information security operations.
• Bachelors degree or equivalent with relevant certifications.
• Experience with two or more analysis tools used in a CIRT or similar investigative environment.
• Ability to build content in SIEM system.
• Ability to analyze and triage IoCs.