SOC Engineer Tier 1 - DoED

NewWave Technologies
Washington, DC
Sep 16, 2021
Sep 22, 2021
Engineer, IT, QA Engineer
Full Time
Overview

As a SOC Engineer, you and your team will be responsible for manning a 24x7x365 coordination center and responding to all alerts, notifications, communications and incident reports. You will ensure reports are properly entered into the incident tracking system and will coordinate with the reporting entity to gain a full understanding of the event and its details. You will be expected to have knowledge of cybersecurity incidents and anomaly analysis, and to be able to comprehend reports and determine what additional information may be required. You will follow established SOPs, policies and other procedures for escalation, notification of Federal Leadership and reporting. The ideal candidate must have a strong understanding of Splunk SIEM and supporting forensic tools.

Shifts:
- Team A Mid: Sun - Wed (Noon - 10pm)
- Team B Mid: Wed - Sat (Noon - 10pm)

Responsibilities
- Perform incident response analysis uncovering attack vectors involving a variety of methods, including malware, data exposure, phishing and social engineering.
- Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
- Record and report all incidents per Federal policy and legislation.
- Create and track network incidents and investigations.
- Monitor security events received through alerts from SIEM or other security tools.
- Revise alerts escalated by end users.
- Carry out Level 1 triage of incoming issues (initial assessment of the event's priority, initial determination of whether it is an incident in order to assess risk and damage, or appropriate routing of security or privacy data requests).
- Carry out limited incident response to end users for low-complexity security incidents.
- Maintain assigned ticket queue.

Qualifications
- US Citizenship with the ability to pass a federal background check to obtain a security badge.
- Minimum of 3+ years of SOC, incident response, or related security experience is required.
- Bachelor's Degree required, or 2 additional years of experience in lieu of degree.
- IDS monitoring and analysis, analyzing network traffic, log analysis, and the ability to prioritize and differentiate between potential intrusion attempts and false alarms.
- Good understanding of system log information and what it means.
- Strong understanding of enterprise networking (host-based firewalls, anti-malware, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems operations, and TCP/IP protocols; experience providing analysis and trending of security log data.
- Experience creating and tracking investigations to resolution.
- Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.IO, Tenable.SC, QualysGuard, etc.
- Experience with endpoint security solutions, including but not limited to FireEye solutions, antivirus solutions and EDR tools, is preferred.
- Experience composing security alert notifications.
- Ability to concisely communicate events of a technical nature to incident responders to assist in the investigation and resolution of computer security incidents.
- Very strong spoken and written communication and organizational skills.