Security Operations Center (SOC) Analyst, Lead
Ref No.: 18-00003
Location: Manassas, Virginia
Start Date: 01/10/2018
The Security Operations Center (SOC) Analyst, Lead monitors, evaluates, and maintains systems and procedures to safeguard internal information systems, networks, databases, and Web-based security. The Security Operations Center (SOC) Analyst, Lead conducts vulnerability assessments and monitors systems, networks, databases and Web services for potential system breaches. The Security Operations Center (SOC) Analyst, Lead responds to alerts from information security tools and reports, and investigates and resolves security incidents. The Security Operations Center (SOC) Analyst, Lead is responsible for educating all users and new employees on security requirements and procedures. The Security Operations Center (SOC) Analyst, Lead recommends and implements changes to enhance systems security and prevent unauthorized access. The Security Operations Center (SOC) Analyst, Lead researches security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of a system breach. The Security Operations Center (SOC) Analyst, Lead ensures compliance with regulations and privacy laws. The Security Operations Center (SOC) Analyst, Lead oversees internal or external systems security (i.e. cloud services). The Security Operations Center (SOC) Analyst, Lead is highly skilled and proficient in the discipline. The Security Operations Center (SOC) Analyst, Lead conducts complex work important to the organization and works under minimal supervision with wide latitude for independent judgment. The Security Operations Center (SOC) Analyst, Lead is assigned to managing employee performance and behavior and works with the Manager, Security in addressing employee and hiring opportunities.
1. 40%: Manages the customer relationship to ensure all customer needs are being met, meets with the customer to report the status of assigned SOC tasks, delegates and prioritizes customer assigned work, and provides updates on all aspects of the SOC to the Manager, Security.
2. 20%: Manages employee performance and behavior and works with the Manager, Security in addressing employee and hiring opportunities.
3. 15%: Responsible for malware analytics and vulnerability assessments that assist in identifying and mitigating MiTM, Ransomware, and Heartbleed attacks; also performs vulnerability scans and penetration testing.
4. 15%: Assists with ACL recommendations and router/switch/firewall configurations. Develops training materials and conducts training events (i.e. brown bag lectures). Works with Ventech vendors to provide Tier III support. Helps solve Tier I and Tier II incidents and events.
5. 10%: Responsible for Incident Response work that includes identifying attack vectors, providing malware removal strategies, backup and restoration strategies, identifying IOCs, and compromised-host isolation techniques.
Bachelor's Degree
Study/Major: Computer Science or Information Systems
Type of Credentials/Licenses: Security related certification from the ANSI/ISO/IEC 17024 list is required upon hiring, intermediate to advanced level certification or multiple certifications preferred. Certifications may be considered as a replacement for a degree depending on level and quantity of relevant certifications.
Related Work Experience: 6-8 years
Describe below the work experience / skills / abilities required to perform the job effectively.
• Demonstrated ability to assist lower-level staff members with developing their skills.
• Strong documentation skills, attention to detail, and critical/innovative thinking.
• Strong internal and external verbal and written communication skills.
• Intermediate IT knowledge in more than one of the following areas: Cloud environments, Networking, Operating Systems (Solaris, RHEL, and/or Windows), Databases, Application development and/or Project management
Advanced knowledge in the following areas:
• Incident Response Tasks: Identify unapproved processes, identify attack type/vector, determine threat breadth, identify host IOCs, identify false vs. real threats, analyze tool alerts, identify host involvement, compare scan results, identify incident/event, determine priority level, analyze logs, initiate appropriate host scan, validate IP address, identify customer POC, Remedy incident creation, enact recall list, open Triage line, document incident, communicate incident, gather incident details.
• Remedy Incident Assignments: Timely follow-up, create Remedy Incident, provide incident details, assign to appropriate groups.
• Security Training: Incident response, knowledge of the latest security trends and security methodology.
• Leadership Traits: Self-starter, attention to detail, documentation skills, explanation frequency, time
• Network Monitoring: Traffic analysis, systems resource management
• Forensic Support: ACL lists, RAM dumping, host imaging
• Malware Analytics: MiTM, Heartbleed, Bash attempts, SQL injection, DoS/DDoS
• Vulnerability Assessment: Penetration testing, proper Nessus scanning
• Security Tool Management: Vendor support, troubleshoot outage/degradation, identify health status
• Prior supervisory experience preferred.
Scope 5: Supervisor / Team Lead
This position reports to the Manager, Security. This position serves as a resource for other employees. May communicate instructions, do minor scheduling, and inspect work. May provide input on hiring, terminating, disciplining, promoting, demoting, transferring, or appraising employees.