Tetrad Digital Integrity
Senior SOC Analyst - TS Clearance
Tetrad Digital Integrity, Port Hueneme, California, United States, 93041
Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.
The Senior SOC Analyst will be responsible for the analysis of all technology devices which may include Operational Technology (OT) and Industrial Control Systems (ICS) as well as on-premises and cloud enterprise networks. This includes analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage.
RESPONSIBILITIES:Experience with system administration, Windows and Linux operating systems (OS) mechanics including filesystem structures, disk and memory forensics, cyber aware Operational Technology or Control Systems operators, commonly used mechanisms for maintaining security persistence, privilege escalation, and lateral data movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior.Familiarity with what routine OS activities and common software/user behavior looks like in the context of forensic artifacts or timelines.familiar with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint.Utilize the Cyber Kill Chain and synthesize the entire attack life cycle along with creating detailed reports on how impacts may or have occurredReview and provide feedback to journeyman and junior analysts'Investigate and facilitate discussions on recommendations on improving SOC visibility, efficiency, and/or processesSupport client leaders in establishing and managing a Security Operations Center (SOC) to provide a secure environment that facilitates monitoring, incident response, malware analysis, and threat hunting activities.Provide oversight over more junior cyber analysts and assist client with prioritization and milestone tracking for efforts related to the SOCManage the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devicesAsses Security Technical Implementation Guides (STIGs) compliance and completionUtilize asset mapping tools to verify connected inventoryHandle Information Assurance Vulnerability Management (IVAM) notificationsEvaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusionsQUALIFICATIONS:5+ years of experience in security operations, demonstrating leadership in customer-facing rolesProficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, system/application vulnerabilities, and compliance with Department of Defense (DoD) policies and proceduresExtensive knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security CenterCapable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across multiple locations
PREFERRED QUALIFICATIONS:
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)Able to provide expert content development in Splunk Enterprise Security using tstats and data modelsUnderstands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliancesExperience in other tools and protocols as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAPCertifications include:
Offensive Security Certified Professional (OSCP)GIAC Response and Industrial Defense (GRID)CERT Certified Computer Security Incident HandlerECCCEH (Electronic Commerce Council Certified Ethical Hacker)GCIH (GIAC Certified Incident Handler)GISF (GIAC Information Security Fundamentals)CISSP (Certified Information System Security Professional)
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
"TDI is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, genetics, gender identity or expression, national origin, protected veteran status or disability status, or any other characteristic protected by federal, state or local laws."
The Senior SOC Analyst will be responsible for the analysis of all technology devices which may include Operational Technology (OT) and Industrial Control Systems (ICS) as well as on-premises and cloud enterprise networks. This includes analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage.
RESPONSIBILITIES:Experience with system administration, Windows and Linux operating systems (OS) mechanics including filesystem structures, disk and memory forensics, cyber aware Operational Technology or Control Systems operators, commonly used mechanisms for maintaining security persistence, privilege escalation, and lateral data movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior.Familiarity with what routine OS activities and common software/user behavior looks like in the context of forensic artifacts or timelines.familiar with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint.Utilize the Cyber Kill Chain and synthesize the entire attack life cycle along with creating detailed reports on how impacts may or have occurredReview and provide feedback to journeyman and junior analysts'Investigate and facilitate discussions on recommendations on improving SOC visibility, efficiency, and/or processesSupport client leaders in establishing and managing a Security Operations Center (SOC) to provide a secure environment that facilitates monitoring, incident response, malware analysis, and threat hunting activities.Provide oversight over more junior cyber analysts and assist client with prioritization and milestone tracking for efforts related to the SOCManage the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devicesAsses Security Technical Implementation Guides (STIGs) compliance and completionUtilize asset mapping tools to verify connected inventoryHandle Information Assurance Vulnerability Management (IVAM) notificationsEvaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusionsQUALIFICATIONS:5+ years of experience in security operations, demonstrating leadership in customer-facing rolesProficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, system/application vulnerabilities, and compliance with Department of Defense (DoD) policies and proceduresExtensive knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security CenterCapable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across multiple locations
PREFERRED QUALIFICATIONS:
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)Able to provide expert content development in Splunk Enterprise Security using tstats and data modelsUnderstands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliancesExperience in other tools and protocols as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAPCertifications include:
Offensive Security Certified Professional (OSCP)GIAC Response and Industrial Defense (GRID)CERT Certified Computer Security Incident HandlerECCCEH (Electronic Commerce Council Certified Ethical Hacker)GCIH (GIAC Certified Incident Handler)GISF (GIAC Information Security Fundamentals)CISSP (Certified Information System Security Professional)
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
"TDI is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, genetics, gender identity or expression, national origin, protected veteran status or disability status, or any other characteristic protected by federal, state or local laws."