Job Summary
Job Description –
• 2-5 years of relevant experience in SOC, incident response, or cyber forensics.
• At least 1 year of prior SOC experience (internships count).
• Comfortable working 24/7 rotational shifts.
• Experience with, and knowledge of, the following activities:
o Monitor and analyze network traffic and security events/alerts, and advise on remediation actions.
o Review and assess impact and remediation actions for incidents.
o Investigate intrusion attempts and analyze exploits by correlating multiple data sources and
determining which systems or data sets are affected.
o Follow standard operating procedures for detecting, classifying, and reporting incidents.
o Analyze a variety of network- and host-based security appliance logs (EDR, firewalls, NIDS,
HIDS, syslog, etc.) to determine the correct remediation actions and escalation path for
each incident.
o Independently follow procedures to identify, contain, analyze, document and eradicate
malicious activity.
o Escalate information regarding intrusion events, security incidents, and other threat
indicators and warning information to the client.
• Ability to communicate effectively with internal team members at all levels and across functional
and organizational boundaries.
• Working knowledge of the TCP/IP protocol suite and the OSI layer model.
• Conceptual knowledge of network and systems architecture.
• Familiarity with configuring and operating intrusion detection systems.
• Knowledge of web application architecture.
• Working knowledge of Active Directory.
• Solid understanding of how major application-layer protocols function (e.g., HTTP, SMTP, DNS).
• Knowledge of the categories of malware and how they function (e.g., rootkits, trojans, adware,
exploits, fileless malware).
• Organizational skills and time management/prioritization.
• Comfortable working against deadlines in a fast-paced environment.