CSOC Tier 2 Analyst

at CSEngineering

Rockville, MD 20857, USA

Start Date: Immediate
Expiry Date: 31 Jan, 2025
Salary: USD 90000 Annual
Posted On: 01 Nov, 2024
Experience: 5 year(s) or above
Skills: Encase, Information Technology, Security+, Azure, Bigfix, Computer Science, Tenable, Enterprise Security, Fireeye, Power User
Telecommute: No
Sponsor Visa: No

Description:

REQUIRED CERTIFICATIONS AND QUALIFICATIONS

  • Bachelor's degree in Information Technology, Computer Science, or a related field; or relevant, commensurate work experience.
  • 5+ years of experience within a Tier 2 cybersecurity environment; experience in a leadership role is preferred.
  • Robust Certification Portfolio including Security+, Network+, CEH, Azure or Cloud Certification, and Splunk Core Certified Power User.
  • Ability to work a day or night shift rotational schedule.
  • Vulnerability/cyber incident management framework.
  • Experience with advanced technologies such as Splunk SaaS, Splunk Enterprise Security, Splunk SaaS UBA, CrowdStrike, Tenable, Forescout, Zscaler, BigFix, MaaS360 (IBM MaaS360), EnCase for forensic investigations, FireEye, Cortex XSOAR, Cortex XDR, and Prisma Access.
  • Prior HHS experience a plus.

Responsibilities:

  • Respond promptly and effectively to security incidents and threats discovered by CSOC Analyst Level I and carry out effective Level II analysis of incidents.
  • Remediate incidents and escalate to Tier 3 support when necessary.
  • Perform an initial assessment of the scope of the attack and the affected systems.
  • Accurately document cases during investigations and effectively communicate findings to Level I Analyst or escalation team to ensure complete handover of work streams.
  • Continuously improve incident management processes through periodic threat hunting exercises, knowledge optimization effort building, and by comprehensive diagnosis and analysis of incident trends.
  • Follow the issue tracking and escalation policies, and work effectively across all CSOC tiers as the technical competence requires.
  • Perform dedicated monitoring and analysis of cyber security events using SOC tools.
  • Incident response generation and reporting in accordance with established procedures.
  • Provide Level II technical support in CSOC operations and activities.
  • Provide daily/weekly updates on CSOC operations and developments.
  • Conduct forensic analysis and respond to data call activities.
  • Generate quality technical reports containing methodologies, findings, and recommendations.
  • Work with external stakeholders to understand operational needs and develop effective processes.
  • Maintain a current understanding of industry trends, emerging cyber threats, and new solutions which may impact CSOC activities.
  • Collaborate with CSOC SME to ensure optimal performance using CSOC technology.
  • Identify, reverse engineer, and de-obfuscate digital content related to an incident.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

Rockville, MD 20857, USA