CSOC Tier 3 Analyst

CSOC Tier 3 Analyst

**Immediate Opportunity**

**Onsite**

CSEngineering is looking to add a CSOC Tier 3 Analyst to our growing team! As the Cyber Security Operations Center (CSOC) Tier 3 Team Lead, you are responsible for overseeing and managing the activities of the Security Operations Center. Your role involves leading a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment. As a CSOC Team Lead, you play a critical role in safeguarding the organization's assets, data, and reputation from cyber threats. Leadership skills, technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role.

JOB RESPONSIBILITIES

· Team Management: You are responsible for building and managing a highly skilled and efficient team of Tier 3 Security Analysts. This involves hiring, training, and mentoring security analysts, engineers, and other team members. You will ensure that each team member understands their roles, responsibilities, and goals within the SOC.

· Effectively communicate information to stakeholders of all levels.

· Incident Response: Coordinating the response to security incidents is a crucial aspect of your role. When a security incident occurs, you will lead the team in analyzing and containing the threat, mitigating the impact, and initiating recovery procedures.

· Security Monitoring and Detection: Overseeing the continuous monitoring of security events and alerts to identify potential security breaches or threats. This includes analyzing logs, network traffic, and security tools to detect anomalous behavior and suspicious activities.

· Threat Intelligence: Keeping abreast of the latest security threats, vulnerabilities, and attack techniques is essential. You will be responsible for integrating threat intelligence into your SOC's processes and ensuring the team is well-informed about emerging risks.

· Incident Analysis and Reporting: Your team will investigate and analyze security incidents to understand their root cause and potential impact. You will generate incident reports for both technical and non-technical stakeholders, including management and relevant authorities.

· Security Tooling and Technology: Evaluating and implementing security technologies, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other security tools that enhance the SOC's capabilities.

· Process Improvement: Continuously improving SOC procedures, workflows, and playbooks to streamline incident response and enhance overall security operations.

· Collaboration: Working closely with other teams in the organization, such as IT, network operations, compliance, and legal, to ensure effective communication and coordination during security incidents.

· Compliance and Regulations: Ensuring that the SOC operates in compliance with relevant security standards, regulations, and policies.

· Training and Awareness: Conducting regular security awareness training for employees to enhance the overall security posture of the organization.

REQUIRED CERTIFICATIONS AND QUALIFICATIONS

· 5+ years of experience within a cybersecurity environment; experience in a leadership role is preferred.

· Bachelors in information technology, Computer Science, or a related field; or relevant, commensurate work experience

· Experience in a security operations center, or similar environment, and identifying indications of compromise or attack and responding to incidents.

· CISSP, Network+, CEH, SANS FOR578: Cyber Threat Intelligence, SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, Splunk Core Certified Advanced Power User, Splunk Administrator, and Splunk SOAR administrator.

· Knowledge of MITRE ATTACK framework.

· Vulnerability/cyber incident management framework

· Experience in SOC Tier 3, managing a team of individuals.

· Experience with digital forensics and process

· Knowledge of Splunk, Crowdstrike, tenable, forescout, Xscalar, BigFix, MS360, Encase, Fireeye, Cortex SOAR XDR, Prisma.

PREFERRED SKILLS AND EXPERIENCE

· Endpoint and network security experience required; IDS, IPS, EDR, ATP, Malware defenses and monitoring experience.

· Threat hunting experience preferred.

· Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.

· Working knowledge of incident response procedures.

· Experience with SQL query construction preferred.

· Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems.

· Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.

· Strong understanding of Windows event log analysis

· Experience with enterprise information security data management - SIEM experience a plus.

· Programming and scripting skills a plus.

· Excellent troubleshooting and analytical thinking skills.

· Strong documentation and communication skills.

· Advanced Cyber Security certifications are preferred but not required.

· Excellent customer service skills.

Location: Parklawn Drive, Rockville MD (Onsite)

COMPANY OVERVIEW

CSEngineering is a Service-Disabled Veteran-owned small business that was founded in 2002 with the mission of being the best engineering and services firm in our industry while achieving the highest level of client satisfaction. CSEngineering has significant past performance with satellite systems, weapons and missile systems, naval architecture and engineering, aviation systems, and IT and Enterprise Architecture. We have come a long way since we were founded and now also provide services with focuses on logistics, item management, administration, equipment specialization, program management, configuration management, financial management, LAN operations, information technology and maintenance, development and operation of missile system laboratories, the operation of data collection systems, database, and information management support, demilitarization processes and DevSecOps. We could not achieve this without the dedication of our employees to their work and the clients we serve. Additionally, CSE is a Hire Vets Gold Medallion award recipient. The HIRE Vets Medallion Award is the only federal-level veterans' employment award that recognizes a company or organization's commitment to veteran hiring, retention, and professional development. CSEngineering truly values its people, wants them to love their jobs, and to build their careers with us. We are forever dissatisfied with status quo and are always looking for a better way to do things, not so much out of competitiveness, but out of a desire to simply be THE BEST and to lead our industry.

CSE offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

CSE is an equal opportunity employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity and veteran status.