SOC Analyst
Orison Solutions LLC
Ashburn, VA
Job description
Job Title: SOC Analyst
Location: Ashburn, VA (Remote)
Experience: 2+ Entry Level
Work Authorization: USC, GC and EAD
Job Details:
Supporting the Cyber Defense Operations Center (CDOC) team, provide event triage, response, and log analysis, including:
- Knowledge of Threat Actor tactics, techniques, and procedures (TTPs), log analysis, network traffic analysis, and analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise
- Strong oral & written communication abilities to engage with internal stakeholders within & outside of InfoSec
- Roles will support 8-hour work shifts (during the day)
- Roles may require overtime, on-call, & weekend coverage (shift rotation) from time-to-time
- Triage events and alerts to determine if an incident has occurred including locating owners of assets, validating if an event was a true positive, and escalating incidents as necessary to the Incident Response team (CSIRT)
- Perform rapid response and triage of security reports from Cybercrime and other teams, appropriately investigating, containing, and escalating based on the determination, and closing the ticket
- Perform thorough analysis on email phishing reports and threats. Ensure appropriate containment & eradication is performed based on the threat perceived & documented guidance
- Facilitate communication and collaborate with internal teams, management, and external stakeholders to provide timely updates on incident progress
- Perform basic forensic examinations on hosts and support CSIRT on response tasks when engaged
- Create recommendations and requirements for content detection and response
- Splunk and Elasticsearch (SIEM/Logging)
- Splunk SOAR (Case Management)
- Endpoint Security: Microsoft Defender for Endpoint, CrowdStrike, Wazuh, & Tanium
- Network Security: Netskope SWG and CASB, Palo Alto IPS, CloudFlare WAF, Extrahop, & NetWitness
- IAM: Azure AD
- Intermediate knowledge of Public Cloud environments to support AWS & GCP threat response