Jr. SOC Analyst - Incident Response at Piper Companies
Lanham, Maryland, USA
Full Time


Start Date

Immediate

Expiry Date

05 Nov, 25

Salary

80000.0

Posted On

06 Aug, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cyber Security, SPL, Scripting Languages, Threat Analysis, Incident Response, Packet Capture, Indicators, Automation, Wireshark

Industry

Information Technology/IT

Description

Zachary Piper Solutions is currently seeking a SOC Analyst - Incident Response to support a Federal agency that is based in Lanham, MD. This position is a full time role that will be done remotely, although the candidate will need to live local to the DC Metro area and be flexible when it comes to being on site as needed. This position is critical in safeguarding our network and assets, ensuring robust security measures and procedures are maintained. As a Sr. SOC Analyst, you will play a pivotal role in incident response, threat hunting, and security analysis within a high-stakes environment protecting substantial assets for the IRS.

REQUIREMENTS:

  • 0 - 2 years of experience in Cyber Security, particularly within SOC/CIRT environments.
  • Proven track record of handling full-cycle incident response and advanced threat analysis.
  • Strong familiarity with Splunk Processing Language (SPL), capable of conducting sophisticated queries and analyses.
  • Knowledge of attacker methodologies, including APT identification, indicators of compromise, and persistence mechanisms.
  • Proficiency in network fundamentals and packet capture (PCAP) analysis tools such as Wireshark.
  • Solid experience with scripting languages, preferably PowerShell, for automation and log analysis.
  • Ability to obtain an IRS Public Trust clearance.

RESPONSIBILITIES:

  • Lead complex security incident responses, from post-breach analysis to threat actor identification, leveraging netflow, PCAP analysis, and security event logs to identify and mitigate lateral movements and escalations.
  • Utilize a deep understanding of endpoint analysis, leveraging tools and knowledge in PowerShell, and cloud security tools (e.g., Defender, AWS Security tools) to strengthen our security posture.
  • Demonstrate proficiency in writing and understanding Snort (or Defender) rules, with a strong capability in utilizing SIEM tools, specifically Splunk, for detailed incident analysis and resolution.
  • Serve as an escalation point for security incidents, minimizing reliance on external escalation and providing comprehensive solutions.
  • Engage in proactive threat hunting, leveraging network data, netflows, and PCAPs for detailed analysis, and employing log information analysis (sysmon, event ID, registry rights) to preemptively identify and neutralize threats.