ISI Enterprises
SOC Analyst II
ISI Enterprises, Herndon, Virginia, United States, 22070
ISI Defense is seeking a detail-oriented and proactive SOC Analyst to join our Security Operations Center (SOC). This role is instrumental in monitoring, detecting, and responding to security incidents while supporting Digital Forensics and Incident Response (DFIR) efforts. The SOC Analyst will contribute to safeguarding ISI Defense’s systems and client environments within the Defense Industrial Base by creating behavior-based detection rules and leveraging a range of security monitoring and detection tools. This position is critical to ensuring compliance with NIST SP 800-171, CMMC, and FedRAMP standards within the Defense Industrial Base.

Duties/Responsibilities

Threat Monitoring and Analysis:
- Continuously monitor and analyze security events across multiple platforms to identify and assess potential threats.
- Perform real-time analysis and correlation of security events to detect unauthorized activities, anomalies, and potential security incidents.
- Triage and prioritize alerts based on risk and impact, escalating critical incidents to SOC leadership as needed.

Incident Response:
- Execute initial incident response actions, including containment, eradication, and recovery efforts, in coordination with the SOC Manager and other cybersecurity teams.
- Document findings and actions for each incident, creating comprehensive incident reports for tracking and analysis.
- Assist in forensic investigations by gathering evidence, analyzing data, and identifying root causes using appropriate forensic methodologies.

Threat Hunting and Intelligence:
- Proactively hunt for potential threats and malicious activities within the environment, leveraging threat intelligence feeds and behavior analytics.
- Collaborate with the SOC Manager to create and maintain user behavior analytics (UBA) and attacker behavior analytics (ABA) detection rules.
- Utilize Splunk’s advanced analytics and search capabilities to detect sophisticated threats that may bypass standard detection mechanisms.
- Maintain awareness of emerging threats, vulnerabilities, and industry trends to improve threat-hunting and detection strategies.

System Administration and Maintenance:
- Support the configuration, tuning, and optimization of SOC tools to ensure maximum effectiveness and minimize false positives.
- Regularly review and update SOC playbooks, alerts, and detection rules to adapt to evolving threats and business requirements.
- Assist in managing endpoint detection and response (EDR) tools, including updating policies and handling alerts.

Compliance and Documentation:
- Ensure all SOC processes and incident response activities comply with NIST SP 800-171, CMMC, and FedRAMP requirements.
- Maintain detailed logs, incident records, and reports to support audits, compliance assessments, and SOC performance analysis.
- Contribute to continuous improvement initiatives by recommending process enhancements based on incident trends and root cause analyses.

Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field; equivalent experience may be considered.
- 3+ years of experience in a SOC or cybersecurity role, with experience in security monitoring, incident response, or threat hunting.
- Familiarity with SIEM platforms, EDR tools, DNS security solutions, SASE, and NAC solutions for comprehensive threat detection and response.
- Knowledge of digital forensic methodologies and tools for conducting detailed forensic investigations.
- Understanding of threat detection techniques, behavior analysis, and incident response best practices.
- Knowledge of compliance frameworks (e.g., NIST SP 800-171, CMMC, FedRAMP) is beneficial.
- Strong analytical and problem-solving skills, with the ability to quickly assess situations and respond to security events effectively.
- Excellent written and verbal communication skills, able to document incidents clearly and communicate findings to the SOC team and management.
- Detail-oriented, with a focus on accuracy and thoroughness in all tasks.

Preferred Qualifications
- Splunk Core Certified User or Power User for proficiency in using Splunk.
- CrowdStrike Certified Falcon Responder (CCFR) for familiarity with CrowdStrike Falcon.
- CompTIA CySA+ or GIAC Certified Detection Analyst (GCDA) for a solid understanding of cybersecurity analytics and detection.
- GIAC Certified Incident Handler (GCIH) or Certified Threat Intelligence Analyst (CTIA) for enhanced incident response and threat-hunting skills.

What we offer
- The salary range for this role is $85,000-$100,000
- Hybrid work
- A competitive salary and benefits package
- A casual, friendly, and relaxed work environment
- Professional growth encouragement and support

Industrial Security Integrators, LLC (“IsI”) is an equal opportunity employer committed to affirmative action and diversity in the workplace. It is the policy of IsI to provide Equal Employment Opportunities (EEO) to Employees and Applicants, without regard to race, color, religion, sex, age, marital status, citizenship status, national origin, sexual orientation, gender identity, veteran status or disability or any other factor protected by law and to provide advancement opportunities for minorities, women, disabled individuals, and veterans. IsI is stronger and more effective when our workforce includes highly qualified individuals with diverse backgrounds, cultures, and traditions.