Sr. SOC Analyst - Incident Response

ZP Group, New Carrollton, MD 20733

Posted 3 weeks ago

We are currently seeking a Sr. SOC Analyst to join our Cyber Threat Fusion Center (CFTC) team in New Carrollton, MD. This hybrid position is critical to safeguarding our network and assets and to ensuring that robust security measures and procedures are maintained. As a Sr. SOC Analyst, you will play a pivotal role in incident response, threat hunting, and security analysis within a high-stakes environment protecting substantial assets for the IRS.

Key Responsibilities:

  • Lead complex security incident responses, from post-breach analysis to threat actor identification, leveraging NetFlow, PCAP analysis, and security event logs to identify and mitigate lateral movement and privilege escalation.

  • Apply a deep understanding of endpoint analysis, leveraging PowerShell and cloud security tools (e.g., Microsoft Defender, AWS security services) to strengthen our security posture.

  • Demonstrate proficiency in writing and understanding Snort rules, with strong capability in SIEM tools, specifically Splunk, for detailed incident analysis and resolution.

  • Serve as an escalation point for security incidents, minimizing reliance on external escalation and providing comprehensive solutions.

  • Engage in proactive threat hunting, leveraging network data (NetFlow and PCAPs) for detailed analysis and host log analysis (Sysmon, Windows event IDs, registry permissions) to preemptively identify and neutralize threats.

Requirements:

  • 5+ years of experience in Cyber Security, particularly within SOC/CIRT environments.

  • Proven track record of handling full-cycle incident response and advanced threat analysis.

  • Strong familiarity with Splunk Search Processing Language (SPL), capable of conducting sophisticated queries and analyses.

  • Knowledge of attacker methodologies, including APT identification, indicators of compromise, and persistence mechanisms.

  • Proficiency in network fundamentals and packet capture (PCAP) analysis tools such as Wireshark.

  • Solid experience with scripting languages, preferably PowerShell, for automation and log analysis.

  • Excellent communication skills, capable of working collaboratively within a team and presenting complex information clearly.

  • Ability to obtain an IRS Public Trust clearance.

Preferred Qualifications:

  • Certifications like SANS GIAC are advantageous but not mandatory.

  • Passion for cybersecurity, demonstrated through extracurricular activities such as Capture the Flag competitions, involvement in cyber clubs, or personal cybersecurity projects.

Compensation includes:

  • Salary Range: $100,000 - $120,000 depending on experience

  • Full benefits: Cigna medical, dental, and vision insurance, 401(k), paid time off (PTO), etc.

#LI-CB1

#LI-HYBRID

Keywords: Cybersecurity, Incident Response, Splunk, Splunk SPL, SPL, Packet Capture, Wireshark, Wire Shark, Network Forensics, Threat Hunting, Intrusion Detection, Log Analysis, SIEM (Security Information and Event Management), Malware Analysis, Network Traffic Analysis, Forensic Analysis, Threat Intelligence, Security Operations Center (SOC), Vulnerability Assessment, IDS/IPS (Intrusion Detection System/Intrusion Prevention System), PCAP Analysis, Network Security, Anomaly Detection, Endpoint Detection and Response (EDR), Cyber Threats, Cyber Attack, Threat Mitigation, Forensic Investigation, Digital Forensics, Security Incident, Data Breach, Advanced Persistent Threat (APT), Insider Threat, Security Policies, Compliance Management, Security Architecture, Security Operations, Incident Handling, Network Security Monitoring (NSM), Security Awareness Training, Security Risk Assessment, Threat Intelligence Platforms (TIP), Security Analytics, Insider Threat Detection
