Vacancy expired!
RESPONSIBILITIES:
Kforce has a client seeking a Tier 2 SOC Analyst in San Antonio, TX.
Summary:
Working within the Security Operations Center (SOC), the IT Associate Analyst tunes production alerts, acts as an escalation path for the first responders, and works on documentation and process improvement. The IT Associate Analyst monitors and responds to advanced threats within Customer environments, including alerts from: SIEMs, Firewalls, Vulnerability Scanners, IDS/IPS (host and network based), Application Control systems, and Anti-Virus software.
Responsibilities:
Respond to antivirus detections by performing scans, attempting remediation, and escalation as required
Multitask and prioritize work based on associated risk
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
Coordinate with enterprise-wide cyber defense staff to correlate threat assessment data and validate network alerts
Create auditable evidence of security measures
Document and escalate incidents (including event history, status and potential impact for further action) that may cause ongoing and immediate impact to the environment
Implement IP blocks in customer firewalls to reduce attack surface
Examine network topologies to understand data flows through the network
Identify network mapping and operating system (OS) fingerprinting activities
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
REQUIREMENTS:
Bachelor's degree and/or 3-5 years of experience in a SOC
Professional certifications such as CompTIA Security+, Network+, Linux+, or SANS GIAC GSEC, GCIH, and/or equivalent professional experience or education preferred
Strong knowledge of and hands-on experience with the OSI model
Security tools and programming languages including: Wireshark/tcpdump, Security Management Systems (SMS), and Regular Expressions/Powershell
Experience with network investigations reviewing endpoint logs, network traffic logs, and security solutions
Operating systems knowledge and systems administration skills for various versions of UNIX, LINUX, and Windows and ability to read and understand Windows logs
Strong knowledge of the various security solutions such as AV, IPS, IDS, SIEM, firewalls and proxies
Comprehensive understanding of Incident Response Handling procedures, and break the chain exercises
Information Security and Compliance industry standards and best practices
A keen interest in security and the need for the confidentiality, integrity and availability of information and information systems to be maintained
Excellent analytical skills
Excellent communication, presentation and listening skills
Excellent organizational and time-management skills. and the ability to multi-task and prioritize
High level of integrity, judgment and situational awareness
Ability to work both independently and collaboratively with peers, across teams, and with management
Flexibility and adaptability to change
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
