HVA SOC Analyst

XOR Security is looking for an HVA SOC Analyst to perform the following duties:

• Conduct security event monitoring and triage for a 24x7 SOC program that focuses on organizational High Value Assets (HVA).
• Play an integral role in assessing and establishing a framework for Security Audit (Continuous) Monitoring Operations in a 24x7x365 environment comprised of High Value Assets (HVAs)
• Escalate and report potential user-related incidents by creating and updating incident cases and tickets
• Perform risk assessment analysis for Privilege Access Management (PAM) for elevated, global, privileged users and users with access to sensitive data sources
• Provide monitoring of Identity Access Management (IAM) capabilities to assess the repository of user identity data, automated fulfillment of resource provisioning and de-provisioning workflows, and a request/ approval mechanism to facilitate user self-service for application/ resource access.
• Create deliverables in support of monitoring and analysis activities to include daily summary reports
• Review deliverables created by the User Activity Monitoring and Security Audit Monitoring teams leveraging a deep understanding of security and privacy principles and solutions.
• Confirm the accuracy of anomalous activity and incident management statistics.
• Document HVA Incident risk mitigation strategies and alternative solutions for security and Counter-Insider Threat (CINT) risk areas.
• Support resolution of identified defects through analyses, presentations and coordination meetings.
• Establish and maintain an internal CINT risk register to track potential security and privacy weaknesses.
• Provide continuous monitoring assessment and validation of Security Audit Monitoring operations where output is specified, developed and tested to meet and demonstrate compliance with security and CINT requirements.

Required qualifications

• Minimum 4 years of experience as a cybersecurity analyst
• Minimum Bachelors Degree
• Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
• Experience assessing and monitoring Privilege Access Management (PAM) and Identify Access Management (IAM) platforms
• Prior experience and ability to with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
• Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk).
• Strong logical/critical thinking abilities, especially analyzing security events from host and network event sources (e.g., windows event logs, AV, EDR, network traffic, IDS events for malicious intent).
• Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
• A working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.

Desired qualifications

• Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances are strongly desired
• Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
• One or more of the following certifications:  GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
• An understanding in researching Emerging Threats and recommending monitoring content within security tools.
• Familiar with DHS CISA’s Security Architecture Review (SAR) process
• Experience with performing assessments on High Value Assets (HVAs)
• Experience with one or more of the following technologies and specific tools: Splunk (including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir, CyberArk

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.