Job Description :
Position - SOC Analyst

Location - Atlanta, GA

Mode - Contract


The resource would be expected to play an active role in maintaining the integrity and security of the Enterprise. He will have to own incident response, perform triage and investigation, assist with classifying security events, develop remediation plans, provide guidance as needed and assist with system security compliance. The analyst will need to be familiar with forensic techniques and support customer interactions with 3rd party forensics efforts.


The responsibilities would include:

Process alerts received from the Tier 2 SOC and drive/guide teams to take appropriate response actions on security incidents and events
Perform advanced dynamic analysis of potentially malicious artifacts and binaries captured in the environment, and be very comfortable operating in a sandbox environment
Should know scripting (e.g. Python) and PowerShell, and have a deep understanding of operating system internals
Should have expert-level knowledge of EDR tools and vast experience responding to various types of malware strains and attacks
Should have an understanding of attack methodologies: how systems are initially compromised, how credentials are compromised, how lateral movement is performed, how exfiltration is identified, etc.
Should be able to articulate and construct SIEM queries to identify those attack tactics and techniques, which would generate alerts to be further validated from a threat hunting perspective
Have extensive experience and be very resourceful in collecting intelligence from OSINT channels
Should be expert level regarding SIEM platforms and using them to support investigations, custom queries and use case development
Should be able to perform forensic functions (e.g. review of memory dump data to pull relevant artifacts, indicators and caches), extract files/binaries, and reconstruct the attack timeline/sequence
Should understand basic reverse engineering and code debugging
Should have an expert-level understanding of the MITRE ATT&CK framework and be able to participate in red team/blue team exercises. For the red team exercise, should have the proficiency to develop the various stages of an attack (e.g. initial access/compromise, fileless exploits, credential dumping tools, remote command execution, lateral movement, exfiltration, etc.)
Act as liaison between the Enterprise and third parties performing forensic efforts, support those forensic efforts, and assist with project management of 3rd party forensic efforts for the Enterprise
Qualifications:

Bachelor's degree in Computer Science, Engineering, IT, Cybersecurity, or a related field, or equivalent experience.
At least 7-10 years of professional experience in incident detection and response, malware analysis, or cyber forensics is required.
Extensive experience in at least one SIEM technology is required.
Extensive experience in incident response, log analysis, network traffic packet analysis, and email analysis is required.
Should be able to use advanced forensic tools and techniques for attack reconstruction, and possess network security architecture and domain knowledge to develop systems and exploitation methods.
Good understanding of network security architecture, incident detection and response, malware analysis, and cyber forensics is required (actual experience is preferred).
Good understanding of security control compliance, information risk management or information systems risk assessment, and security tools implementation (actual experience is preferred).
Good understanding of the workings and log formats of security technologies such as firewalls, IPS/IDS, proxies, Active Directory, operating systems, DLP and NAC is required.
Good understanding of cloud security concepts is preferred.
Good understanding of forensic processes and methods is required (actual experience is preferred).
Scripting knowledge – Python/PowerShell or similar languages is preferred.
CEH, ECIH, GCIH preferred.