XOR Security is looking for a Senior SOC Analyst/Detection Engineer to perform the
• Play an integral role in assessing and establishing a framework for Security Audit
(Continuous) Monitoring Operations in a 24x7x365 environment comprised of High
Value Assets (HVAs)
• Leveraging MITRE ATT&CK framework and best practices, develop detection and
alerting content from various sources including system level logs, security events in
platforms such as Splunk, Palantir, and priority data analytic platforms.
• Escalate and report potential user-related incidents by creating and updating incident
cases and tickets.
• Support and lead incident response and investigation activities on potential security
threats (external and internal).
• Perform risk assessment analysis for Privilege Access Management (PAM) for elevated,
global, privileged users and users with access to sensitive data sources
• Provide monitoring of Identity Access Management (IAM) capabilities to assess the
repository of user identity data, automated fulfillment of resource provisioning and
deprovisioning workflows, and a request/approval mechanism to facilitate user self-service
for application/resource access.
• Establish monitoring operations of full logging and auditing capabilities from IAM and
• Create deliverables in support of monitoring and analysis activities to include daily
• Review deliverables created by the User Activity Monitoring and Security Audit
Monitoring teams leveraging a deep understanding of security and privacy principles and
• Confirm the accuracy of anomalous activity and incident management statistics.
• Document HVA Incident risk mitigation strategies and alternative solutions for security
and Counter-Insider Threat (CINT) risk areas.
• Support resolution of identified defects through analyses, presentations and coordination
• Establish and maintain an internal CINT risk register to track potential security and
• Provide continuous monitoring assessment and validation of Security Audit Monitoring
operations where output is specified, developed and tested to meet and demonstrate
compliance with security and CINT requirements.
• Work with the existing Cybersecurity Operations team, and/or any other pertinent parties
(to include external vendors) at any location to recover from any incident. Work shall be
done in coordination with external service providers, system owners, system
administrators, and Information System Security Officers (ISSOs)
• Maintain a set of Government furnished portable vulnerability assessment, digital media
analysis, and malware analysis tools to support deployment missions, to be used for
critical incident response efforts and in response to high priority initiatives determined by
leadership. Deliverables for Incident Assessment and Response Support include an
Incident Assessment and Response Report.
• Minimum 2 years of experience as a cybersecurity analyst
• Minimum Associates Degree
• Strong analytical and technical skills in computer network defense operations, and the
ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous
pattern detection and content management) and Malware Analysis.
• Experience identifying insider threats
• Experience assessing and monitoring Privilege Access Management (PAM) and Identity
Access Management (IAM) platforms
• Prior experience and ability to analyze information technology security events to
discern events that qualify as legitimate security incidents as opposed to non-incidents.
This includes security event triage, incident investigation, implementing
countermeasures, and conducting incident response.
• Previous hands-on experience with Security Information and Event Management (SIEM)
platforms and/or log management systems that perform log collection, analysis,
correlation, and alerting is required (preferably within Splunk).
• Ability to develop rules, filters, views, signatures, countermeasures and operationally
relevant applications and scripts to support analysis and detection efforts.
• Strong logical/critical thinking abilities, especially in analyzing security events from host
and network event sources (e.g., Windows event logs, AV, EDR, network traffic, IDS
events) for malicious intent.
• Strong proficiency in report writing (a technical writing sample and technical editing test
will be required if the candidate has no prior published intelligence analysis reporting),
excellent verbal and written communication skills, and the ability to produce clear and
thorough security incident reports and briefings.
• A working knowledge of the various operating systems and platforms (e.g., Windows,
OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in
enterprise networks. A conceptual understanding of Windows Active Directory is also
required, as is a working knowledge of network communications and routing protocols
(e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and
standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Experience with the identification and implementation of countermeasures or mitigating
controls for deployment in the enterprise network environment.
• Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances
are strongly desired
• Bachelor’s Degree in Information Technology, Cyber Security, Computer Science,
Computer Engineering, or Electrical Engineering
• One or more of the following certifications: GCIA, GCED, GCFA, GCFE, GCTI,
GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
• An understanding in researching Emerging Threats and recommending monitoring
content within security tools.
• Familiar with DHS CISA’s Security Architecture Review (SAR) process
• Experience with performing assessments on High Value Assets (HVAs)
• Experience with one or more of the following technologies and specific tools: Splunk
(including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir, CyberArk
XOR Security offers a very competitive benefits package including health insurance coverage
from first day of employment, 401k with a vested company match, vacation and supplemental
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet
eligibility requirements – US CITIZENSHIP REQUIRED.
- Salary: $130000 - $160000
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Full Telecommute