XOR Security is looking for a Senior SOC Analyst/Detection Engineer to perform the
• Play an integral role in assessing and establishing a framework for Security Audit (Continuous) Monitoring Operations in a 24x7x365 environment comprised of High Value Assets (HVAs)
• Leveraging MITRE ATT&CK framework and best practices, develop detection and alerting content from various sources including system level logs, security events in platforms such as Splunk, Palantir, and priority data analytic platforms.
• Escalate and report potential user-related incidents by creating and updating incident cases and tickets.
• Support and lead incident response and investigation activities on potential security threats (external and internal).
• Perform risk assessment analysis for Privilege Access Management (PAM) for elevated, global, privileged users and users with access to sensitive data sources
• Provide monitoring of Identity Access Management (IAM) capabilities to assess the repository of user identity data, automated fulfillment of resource provisioning and deprovisioning workflows, and a request/ approval mechanism to facilitate user self-service for application/ resource access.
• Establish monitoring operations of full logging and auditing capabilities from IAM and PAM capabilities
• Create deliverables in support of monitoring and analysis activities to include daily summary reports
• Review deliverables created by the User Activity Monitoring and Security Audit Monitoring teams leveraging a deep understanding of security and privacy principles and solutions.
• Confirm the accuracy of anomalous activity and incident management statistics.
• Document HVA Incident risk mitigation strategies and alternative solutions for security and Counter-Insider Threat (CINT) risk areas.
• Support resolution of identified defects through analyses, presentations and coordination meetings.
• Establish and maintain an internal CINT risk register to track potential security and privacy weaknesses.
• Provide continuous monitoring assessment and validation of Security Audit Monitoring operations where output is specified, developed and tested to meet and demonstrate compliance with security and CINT requirements.
• Work with the existing Cybersecurity Operations team, and/or any other pertinent parties (to include external vendors) at any location to recover from any incident. Work shall be done in coordination with external service providers, system owners, system administrators, and Information System Security Officers (ISSOs)
• Maintain a set of Government furnished portable vulnerability assessment, digital media analysis, and malware analysis tools to support deployment missions, to be used for critical incident response efforts and in response to high priority initiatives determined by leadership. Deliverables for Incident Assessment and Response Support include an Incident Assessment and Response Report.
• Minimum 2 years of experience as a cybersecurity analyst
• Minimum Associates Degree
• Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
• Experience identifying insider threats
• Experience assessing and monitoring Privilege Access Management (PAM) and Identify Access Management (IAM) platforms
• Prior experience and ability to with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
• Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk).
• Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
• Strong logical/critical thinking abilities, especially analyzing security events from host and network event sources (e.g., windows event logs, AV, EDR, network traffic, IDS events for malicious intent).
• Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
• A working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
• Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances are strongly desired
• Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
• One or more of the following certifications: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
• An understanding in researching Emerging Threats and recommending monitoring content within security tools.
• Familiar with DHS CISA’s Security Architecture Review (SAR) process
• Experience with performing assessments on High Value Assets (HVAs)
• Experience with one or more of the following technologies and specific tools: Splunk (including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir, CyberArk
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.
- Salary: $150000 - $160000
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Associates Degree
- Travel: Not Provided
- Telework: Full Telecommute