Senior SOC Analyst (Top Secret) - On-Site (Washington, DC/Metro Area)

McLean, VA, United States

Applications have closed

Mandiant

Threat Intelligence Solutions. Mandiant is recognized as the leader in threat intelligence with expertise gained on the frontlines of cyber security.

View company page

Company Description

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Job Description

Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.  Mandiant partners with Federal Governments across the globe to protect their national security interests, guarding nation-state secrets, and defending critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.

The Senior SOC Analyst (Incident Response) is responsible for support to the response management processes in the event of High Severity Incidents. The Senior SOC Analyst also acts as a point of escalation for SOC Analysts and provides mentorship.

Responsibilities

  • Serve as the lead responder for incidents that require investigative response and remediation.
  • Assist in developing the incident response strategy and then creating and assigning response actions to Event Triage Analysts as needed.
  • Determine initial incident stakeholders and initiate the incident notification process.
  • Lead initial incident notification call (optional based on incident type) and subsequent incident update conference calls.
  • Provide information to key stakeholders as determined by the escalation matrix.
  • Develop strategic decisions for Sponsor CERT regarding incidents.
  • Approve the initial incident notification and subsequent incident updates.
  • Ensure all actions identified during the incident response process are documented.
  • Conduct verbal incident handoff to other region’s designated Incident Handler at end of business day.
  • Determine when incident is officially resolved and closed.
  • Conduct lessons learned meeting and develop the official Incident Report.
  • Assist in training Triage Analysts on new processes/tools.
  • -  Serve as an escalation point for TIER 1 Analysts for complex/unusual alerts/cases/requests/incidents.
  • Identify new Playbooks that need to be developed based on incident reviews.
  • Act as subject matter expert regarding incident response activities.
  • Identify and communicate gaps in being able to effectively respond to incidents.
  • Develop detection logic to assist in detecting malicious activity.
  • Lead significant SOC projects, focused on enhancements to detection and incident response capabilities and other improvements to core SOC workflow / process / documentation.

Qualifications

  • SECRET/TOP SECRET Clearance
  • This position will require being on-site 4-5 days a week. 
  • A Bachelor’s Degree from an accredited college and six years of satisfactory full-time experience related to projects and policies required by the position; OR
  • Education and/or experience which is equivalent to the above
  • DoD 8570 Certifcation

Preferred Skills

  • 1-3 years of experience detecting and responding to cyber intrusions.
  • Security+, CEH, CASP or similar Cyber Security or Incident Response Certifications
  • Strong communication skills, both written and oral.
  • Thorough knowledge of operating systems, networking, and host analysis.
  • Detailed understanding of attacker tactics, tools, and techniques.
  • Strong analytical and investigative mindset

Additional Information

As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.

At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

This position will be on-site at a Customer site in McLean, VA

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: CASP+ CEH CERT Clearance Cyber defense DoD DoDD 8570 Incident response SaaS SOC Strategy Threat intelligence Top Secret Top Secret Clearance

Perks/benefits: Team events

Region: North America
Country: United States
Job stats:  4  1  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.