Tier II SOC Analyst

Tier II SOC Analyst Washington D.C. / Hybrid Job Overview We are currently seeking a Tier II Cybersecurity Analyst to provide support to our client in Washington D.C. Clearance Required: Candidate must be able to receive a Public Trust 6c Clearance Responsibilities and Duties Provide Tier 2 support by analyzing network traffic and various log data to determine the threat/impact against the network, recommending appropriate countermeasures, facilitating the tracking, handling, and reporting of all security events and computer incidents. Remediate and apply lessons learned to security incident investigation and resolution. Perform monitoring, identification and resolution of security events to detect threats through analysis, investigations and prioritization of events based on risk/exposure. Develop processes that analyze data and produce accurate, meaningful, easily interpreted results based on user requirements and use cases. Develop processes that align with enterprise incident response activities and coordinate closely with other teams within the Security Operations Center . Create custom tool content to enhance capabilities of security operations teams. Manage the collection, documentation and research of security events generated by the SOC monitoring platform and infrastructure. Perform Security Incident Management aligned with NIST standards. Technical writing experience: Standard Operating Procedures Concept of Operations (CONOPS) Incident Response Plans Training Exercises Tool configurations and content creation Qualifications 1-3 years of experience on one of the following team(s): Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC). Bachelors' degree in Computer Science, Information Technology or related technical field. Additional years of experience can be substituted for a degree. Experience with Security Information and Event Management (SIEM) Systems, Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, and large Enterprise or Cloud environments. Experience with Incident Response, analysis of network traffic, log analysis, ability to prioritize and differentiate between potential intrusion attempts and false alarms, managing and tracking investigations to resolution. Good interpersonal skills to interact with customers, team members and support personnel. Strong analytical and problem solving skills for investigating security issues. Familiarity with one of the following; NIST Incident Response Lifecycle, Cyber Kill Chain, Adversarial Tactics, Techniques & Common Knowledge (ATT&CK). At least one active security certification Experience with one or more of the following tools: Azure Advanced Threat Analytics Azure Log Analytics Windows Defender Security McAfee ePO, HIPS FireEye NX, EX/ETP, HX, AX Desired Qualifications: Programming and/or scripting language experience; ideally PowerShell Search query language experience & content creation; ideally Kusto Project management experience to help build tiger teams for special projects MS Office, Visio, PowerBI proficiency