Security Operations Center Analyst

Cyber Event Analyst

3-month W2 contract (with potential for FT conversion)

100% Remote (Sunday- Thursday; 5pm-1 am EST)

Pay Rate- $50-$55/hour

Responsibilities:

Our Fortune 500 media client’s Cyber Defense Operations team is responsible for providing cyber threat intelligence, event analysis, incident response and threat hunting for all areas of the company in a highly collaborative, fast paced, and agile fashion. As a member of the Cyber Response team, a candidate can expect to utilize their technical expertise to assess, contain, and remediate cyber threats. The Senior Cyber Event Analyst is responsible for analysis, escalation and initial response actions of security events and alerts to incidents.

The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber event analysis and response actions. A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer response directions. Experience analyzing and responding to security events and incidents with practical and working knowledge of response analysis methodologies and enhancing security response processes. This is a shift-based role where the candidate will be assigned specific days and hours which will include Company holidays as well as be part of an on-call rotation to support the 24x7 all year-round Cyber monitoring of the organization and its subsidiaries.

The role involves regular interaction with various groups and leadership within the organization in order to accomplish job responsibilities. Working under the direction of the Manager, Cyber Response, the successful candidate will be responsible for participating in the following activities:

• Triage, scope, and disposition all security alerts or operational requests across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email) to identify threats needing to be escalated to Incident Response
• Day-to-day operational tasks related to the ongoing support of Cyber Operations.
• Responsible for documenting evidence throughout the incident life cycle, conducting shift handovers, escalating security events to incident response, and providing support during cyber security incidents
• Responsible for the ticket queue triage: prioritization, assignment and disposition of security incident tickets/events.
• Responsible for analyzing threat data from multiple sources and building evidence backed dispositions.
• Responsible for front line triage and response including some containment and remediation actions such as network isolation of hosts and blocking indicators of compromise within security perimeter tools.
• Analyst must keep detailed reports on all analysis activity, documented in the case management tool to validate process adherence.
• Responsible for contributing to the creation and updating of new and existing SOAR playbooks and runbooks and general response documentation.
• Identify operational gaps in security processes, provide ideas for solutions and take ownership for implementation.
• Peer review of tickets for fellow Cyber Event Analysts that request one.
• Managing the Cyber hotline during their shift.
• Act as a mentor to any Cyber Event Analysts and Intern’s that may be part of our team.
• Act as a SME for our team for our documented policies, processes and procedures.
• Identifying areas of educational/knowledge improvements including taking ownership of appropriate documentation and communication to the team.

The qualifications captured below provide an overview of the skills and capabilities required for this position.

Qualifications/Requirements:

• Bachelor’s Degree or above in an IT related field, Cyber Security relevant active certifications, and/or equivalent work experience
• Minimum 4 years working in Cyber Defense field with experience in Incident Response, Security Analysis or Security Operations Center (SOC)
• Hands-on experiences
• supporting SOC/incident response functions,
• in analyzing cybersecurity events, and incidents (malware, public cloud services, network/host intrusion, phishing, etc.),
• utilizing centralized logging platforms to perform log investigations,
• utilizing industry security tools/technologies to support cyber event analysis (EDR, public cloud services, WAF, e-mail security gateway, firewalls, etc.),
• host-based/network-based forensic tools and analysis,
• utilizing OSINT to support analysis,
• pulling artifacts from an endpoint (where applicable) to support a cyber investigation,
• with Cloud infrastructures as it relates to Cyber Security events/alerts (AWS, GCP, and/or Azure),
• Strong knowledge within the following areas
• cyber threat landscape to include different types of adversaries, campaigns, and the motivations that drive them,
• industry recognized security and analysis frameworks (Mitre ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.,
• understanding of when and how to escalate to direct management and/or on-call team member,
• scoping above and beyond what is presented to them within a cyber alerts/event or user reported item
• Working knowledge of core Enterprise IT concepts (web application architectures, networking, operating systems etc.)
• Strong communication (both verbal and written)
• Must be self-motivated and able to work both independently and as part of a team
• Ability to be on call and provide support during nontraditional working hours
• Well organized and ability to prioritize workload with minimal oversight
• Detail oriented
• Acting as a mentor to non-senior level Cyber Event Analysts and Interns

Desired Characteristics:

• Scripting experience (i.e., Python)
• Previous experience providing incident response/SOC support for Fortune 1000 companies or the Media and Entertainment industry
• Demonstrated experience working with network tools and technologies such as firewall, proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
• Relevant certifications (GCIA, GCIH, GCFA, GNFA, etc.)

Eight Eleven Group (Brooksource) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, sexual orientation, gender identity, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.