Job description
Incident Response-Tier II SOC Analyst
Washington DC - This is a full-time, Hybrid Position.
EM Key Solutions is looking for intelligent, creative individuals interested in helping grow something truly unique in our markets. We are seeking multiple Incident Response-Tier II SOC Analysts to join our rapidly growing team in Washington, DC. This is a hybrid role (1 or 2 days in the office, other days remote).
As an Incident Response-Tier II SOC Analyst, you and the Incident Response team will be responsible for manning a 24x7x365 coordination center, responding to escalated alerts, notifications, and communications, and providing incident response activities such as tracking the incident, communication with stakeholders, remediation and recovery actions and reporting. As Tier 1 analysts generate trouble tickets or help desk alerts, Tier 2 leverages security controls, policies, and intelligence (indicators of compromise (IOC), rules, and procedures) to determine the scope and origin of the attack. Tier II focuses on mitigation, recovery, and remediation once an attack has occurred.
Tier II personnel will ensure reports are properly entered into the incident tracking system and will coordinate with the reporting entity to gain a complete understanding of the event and its details. The applicant is expected to have knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors, and to be able to comprehend reports and determine what additional action and response activities may be required to resolve an incident. The analyst will follow established SOPs, policies, and other procedures for escalation, notification of Federal Leadership, and reporting. The ideal candidate must have a strong understanding of Splunk SIEM and supporting forensic tools.
Candidates can be considered for any of the following shifts:
- Mon - Fri. (8 am - 5 pm)
- Sun - Wed. (6 am - 4 pm)
- Wed - Sat. (6 am - 4 pm)
- Sun - Wed. (Noon - 10 pm)
- Wed - Sat. (Noon - 10 pm)
- Sun - Wed. (9 pm - 7 am)
- Wed - Sat. (9 pm - 7 am)
Primary responsibilities will include, but not be limited to:
- Support/develop reports during and after incidents, which include all actions taken to properly mitigate, recover, and return to normal operations
- Lead and/or actively participate in security-related meetings and discussions with the client
- Perform incident response analysis based on investigation requirements
- Participate in the remediation of incidents and responses that are generated from live threats against the enterprise
- Record and report all incidents per Federal and department policy
- Create and track network incidents and investigations to closure
- Serve as key personnel for Incident Management, providing coordination, task assignment, and process guidance for incident response events
- Monitor and investigate security events received through the SIEM or other security tools
- Carry out Level 2 triage of incoming Incidents (initial IR assessment of the priority of the event, initial determination of incident nature to determine risk and damage, or appropriate routing of security or privacy data request)
- Manage assigned investigations to ensure they are being actively worked on and assist Tier 1 analysts as needed to resolve investigations
- Review, revise and recommend technical, process, and physical controls
- Develop and implement defensive cyber best practice tactics, techniques, and procedures
Required Qualifications:
- US Citizen and must be able to pass a background investigation (up to Top Secret)
- 5+ years of relevant work experience or a bachelor's degree with 2+ years of relevant experience
- MUST HAVE one of the following ACTIVE certifications: CISSP, GCIH, or CASP+
- Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.
- Demonstrate proficiency in the Incident Response Process and SOC operations, and a good understanding of threat hunting
- Good understanding of system log information and where to collect specific data/attributes as required for the Incident Event
- Operational understanding of enterprise networking and security tools (firewalls, antivirus, HIDS, IDS/IPS, proxy, WAF) and of Windows and Unix/Linux system operations
- Experience performing log analysis and reporting
- Experience creating and tracking investigations to resolution
- Experience with Endpoint security solutions, including but not limited to Windows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools
- Understanding of compliance or regulatory frameworks (e.g., FISMA, NIST, ISO)
- Solid understanding of application, authentication, and network security principles, and of operating system hardening techniques
- General knowledge of cyber-attack frameworks (MITRE ATT&CK and Lockheed Cyber Kill Chain)
- Understanding of Computer Network Defense (CND) policies, procedures, and regulations
- Experience with SIEM monitoring and analysis, network traffic analysis, and log analysis, including prioritizing and differentiating between potential intrusion attempts and false alarms
- Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies
- Ability to work independently to address and resolve a security incident with minimal supervision
- Must be willing to work from the client site (Washington, DC)
Clearance:
Public Trust or equivalent clearance is desired. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
COVID-19 Vaccine Mandate:
Candidates must have received or be willing to receive the COVID-19 vaccination to be considered. Proof of vaccination is required. Medical and/or religious exemption requests will be considered. We will decide on your request for reasonable accommodation on a case-by-case basis.
EMKS is an Equal Opportunity/Affirmative Action Employer committed to hiring and retaining qualified and talented individuals, including protected veterans and individuals with disabilities. Our strategy and philosophy are to inspire, energize, and empower employees. We use E-Verify to validate employees' ability to work legally in the United States.