The Goal, an IT staffing firm, is seeking a SOC Threat Intel Analyst who will be part of an Enterprise Security team in Morrisville, North Carolina.
Identify cybersecurity events related to a well-resourced, sophisticated adversary that uses multiple attack vectors, such as cyber, physical, and deception, to achieve its objectives. Follow Advanced Persistent Threat (APT) procedures and systems to respond to complex threat behaviors or indications that require experts to hunt and characterize APTs.
- Identify security problems which may require mitigating controls.
- Perform forensic examinations on various network and endpoint systems stemming from a cyber-intrusion associated with APT, malware, and DDOS attacks.
- Assist in providing threat and damage assessment for security incidents which may impact Customer assets.
- Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity.
- Effectively collaborate with colleagues and counterparts internally and externally.
- Execute appropriate response activities established in SOPs, direct activity of responding resources including local IT coordinators and operations personnel.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises, and perform careful reviews and analyses of relevant event detail and summary information.
- Perform as a Cyber Security Incident Responder within a SOC environment.
- Experience managing cases with enterprise SIEM systems such as ArcSight, Splunk, or Sourcefire.
- Bachelor's Degree in Computer Science, Information Technology or Cybersecurity related field.
- Over 3 years of highly relevant experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) and/or a Cyber Security Operations Center (CSOC).
- One or more cybersecurity certifications, such as GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), or EC-Council Certified Incident Handler (ECIH).
- Expert level ability to conduct packet analysis and ability to recommend and add custom monitoring policies and signatures within network detection tools.
- Demonstrable experience with Security Operations tools, including products from Splunk, FireEye, Looking Glass, Intel, Endgame, StealthWatch, RSA, and Tanium.