SOC Analyst

1 week ago


Sany, India Siri InfoSolutions Inc Full time

Position Information

  • Position Title: IR Engineer 3 / SOC Analyst
  • Location: Hybrid
    • If Hybrid, how many days per week: Monday through Thursday in client office / Friday remote
    • Address: Raleigh, NC
  • Work Authorization: US Citizens

Day to Day

  • Dive deep into incident analysis by correlating data from various sources, determining if a critical system or data set has been impacted, advising on remediation, and supporting new analytic methods for detecting threats
  • Conduct incident handling, including containment, eradication, and recovery; closing out reports and lessons learned; and escalating to specialized analysts or SOC managers during malware analyses or adversary hunt missions
  • Review alerts to determine relevancy and urgency, and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems
  • Collaborate with other teams to assess risk and enrich client alerts
  • Collect intrusion artifacts, including source code, malware, and Trojans, and use discovered data to enable mitigation and threat intelligence discovery
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Stay up to date with current vulnerabilities, attacks, and countermeasures
  • Goal is to be the best L3 analyst in their space
  • Growth down the line

Must Haves

  • In layman's terms, what does this person need to be doing in their job every day? What's the problem they are solving? Working with a leading biopharm company within their SOC center to work on best practices & evolving technology
  • What type of experience is needed, and how does this experience translate to the actual role?
    • EDR, SIEM, Proxy Analysis tools, cyber tools, etc.
  • Top Must Haves
    • Lead a SOC or small team
    • How to triage in multiple endpoint detection tools
    • Very thick skin & great comms skills
  • 3 years of experience as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)
  • CompTIA Net+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA) (can speak the language; not required)
  • Education: BA or BS degree, or 4 years of experience with equivalent Cyber work (ideally)
  • Soft Skills: thick skin, no ego, ability to gauge when is the right time to push back on leadership (HEADS DOWN, BOOTS ON THE GROUND TYPE)

Nice to Haves

  • Consulting experience, specifically at the Big Four (really prioritize)
  • Biopharm experience
  • Military background
  • GIAC Certified Incident Analyst (GCIA)
  • MS in Cyber Operations or related Cyber Security studies
  • Splunk Core Certified Advanced Power User
  • Analytic Path / Threat Analysis Endpoint

Resume:

  • An IR person with experience in Big 4 (Deloitte, EY)
  • Consulting / client facing experience
  • How it affects the business / clients is a big plus

BioPharma Companies (nice to have)

  • Pfizer Inc. (Pharmaceuticals and Healthcare)
  • Johnson & Johnson (Pharmaceuticals and Healthcare)
  • Merck & Co Inc. (Pharmaceuticals and Healthcare)
  • AbbVie Inc
  • Bristol Myers Squibb Co
  • Abbott Laboratories
  • Eli Lilly and Co

Background

  • Role/Position Background: IR Engineer 3 / SOC experience
  • Years of Experience Needed: 3-5 years w/ degree, 7 without; not a leader / manager
  • Types of environments candidates should be coming from: Consulting / client facing

Selling points on position and team

  • Working with leading biopharm client
  • Brand new company with aggressive growth goals and future plans

Job Description

The Challenge:

Are you ready to take an active role in cyber defense? Are you looking for an opportunity to protect critical infrastructure from the constant onslaught of cyber attacks? If you want to challenge your skills and stretch your limits by analyzing cyber threats in real time, then come join our team.

As an analyst on our SOC team, you'll monitor and analyze threats using state-of-the-art tools like Cortex XSOAR, CrowdStrike, FireEye, Tanium, Elastic, Splunk, Securonix, and ServiceNow.

You'll use your cyber security skills to:

  • Dive deep into incident analysis by correlating data from various sources, determining if a critical system or data set has been impacted, advising on remediation, and supporting new analytic methods for detecting threats
  • Conduct incident handling, including containment, eradication, and recovery; closing out reports and lessons learned; and escalating to specialized analysts or SOC managers during malware analyses or adversary hunt missions
  • Review alerts to determine relevancy and urgency, and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems
  • Collaborate with other teams to assess risk and enrich client alerts
  • Collect intrusion artifacts, including source code, malware, and Trojans, and use discovered data to enable mitigation and threat intelligence discovery
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Stay up to date with current vulnerabilities, attacks, and countermeasures

You'll work with the team to understand, mitigate, and respond to threats, quickly restoring operations and limiting the impact. You'll analyze incidents to figure out just how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals in order to stop them from succeeding. This is a great opportunity to build your cybersecurity skills with hands-on experience in threat assessment and incident response. Join us as we protect our clients from malicious actors.

Empower change with us.

You Have:

  • 3 years of experience as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)
  • BA or BS degree, or 4 years of experience with equivalent Cyber work
  • CompTIA Net+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA)

Nice If You Have:

  • GIAC Certified Incident Analyst (GCIA)
  • MS in Cyber Operations or related Cyber Security studies
  • Splunk Core Certified Advanced Power User
