SOC Analyst
Siri InfoSolutions Inc Charlotte, NC

Expired: 16 days ago Applications are no longer accepted.
  • Full-Time
Job Description

Position Information

  • Position Title: IR Engineer 3 / SOC Analyst
  • Location: Hybrid
    • If Hybrid, how many days per week? Monday - Thursday in client office / Friday remote
    • Address: - Raleigh , NC
  • Work Authorization: US Citizens

Day to Day

  • Dive deep into incident analysis by correlating data from various sources, determining if a critical system or data set has been impacted, advising on remediation, and supporting new analytic methods for detecting threats
  • Conduct incident handling, including containment, eradication, and recovery, closing out reports and lessons learned, and escalating to specialized analysts or SOC managers during malware analyses or adversary hunt missions
  • Review alerts to determine relevancy and urgency and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems
  • Collaborate with other teams to assess risk and enrich client alerts
  • Collect intrusion artifacts, including source code, malware, and Trojans, and use discovered data to enable mitigation and threat intelligence discovery
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, correlate incident data to identify specific vulnerabilities, and make recommendations that enable expeditious remediation
  • Stay up to date with current vulnerabilities, attacks, and countermeasures
  • Goal is to be the best L3 analyst in their space
  • Growth down the line

Must Haves

  • In layman's terms, what does this person need to be doing in their job every day? What's the problem they are solving? Working with a leading biopharma company within their SOC to work on best practices and evolving technology
  • What type of experience is needed and how does this experience translate to the actual role?
    • EDR, SIEM, proxy analysis tools, cyber tools, etc.
  • Top Must Haves
    • Lead a SOC or small team
    • How to triage in multiple endpoint detection tools
    • Very thick skin and great communication skills
  • 3+ years of experience as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)
  • CompTIA Net+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA) (can speak the language; not required)
  • Education: BA or BS degree or 4+ years of experience with equivalent cyber work (ideally)
  • Soft Skills: thick skin, no ego, ability to gauge when the right time is to push back on leadership (HEADS DOWN, BOOTS ON THE GROUND TYPE)

Nice to Haves

  • Consulting experience, specifically at the "big four" (highly prioritized)
  • Biopharma experience
  • Military background
  • GIAC Certified Incident Analyst (GCIA)
  • MS in Cyber Operations or related Cyber Security studies
  • Splunk Core Certified Advanced Power User
  • Analytic Path / Threat Analysis Endpoint

Resume:

  • An IR person with experience in the Big 4 (Deloitte, EY, etc.)
  • Consulting / client-facing experience
  • Understanding how it affects the business / clients is a big plus

BioPharma Companies - nice to have

  • Pfizer Inc. Pharmaceuticals and Healthcare
  • Johnson & Johnson. Pharmaceuticals and Healthcare
  • Merck & Co Inc. Pharmaceuticals and Healthcare
  • AbbVie Inc
  • Bristol-Myers Squibb Co
  • Abbott Laboratories
  • Eli Lilly and Co

Background

  • Role/Position Background: IR Engineer 3 / SOC experience
  • Years of Experience Needed: 3-5 years with degree, 7+ without; not a leader / manager role
  • Types of environments candidates should be coming from: consulting / client-facing

Selling points on position and team

  • Working with a leading biopharma client
  • Brand new company with aggressive growth goals and future plans

Job Description

The Challenge:

Are you ready to take an active role in cyber defense? Are you looking for an opportunity to protect critical infrastructure from the constant onslaught of cyber attacks? If you want to challenge your skills and stretch your limits by analyzing cyber threats in real time, then come join our team.

As an analyst on our SOC team, you'll monitor and analyze threats, using state-of-the-art tools like Cortex XSOAR, CrowdStrike, FireEye, Tanium, Elastic, Splunk, Securonix, and ServiceNow.


You'll use your cyber security skills to:

  • Dive deep into incident analysis by correlating data from various sources, determining if a critical system or data set has been impacted, advising on remediation, and supporting new analytic methods for detecting threats
  • Conduct incident handling, including containment, eradication, and recovery, closing out reports and lessons learned, and escalating to specialized analysts or SOC managers during malware analyses or adversary hunt missions
  • Review alerts to determine relevancy and urgency and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems
  • Collaborate with other teams to assess risk and enrich client alerts
  • Collect intrusion artifacts, including source code, malware, and Trojans, and use discovered data to enable mitigation and threat intelligence discovery
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, correlate incident data to identify specific vulnerabilities, and make recommendations that enable expeditious remediation
  • Stay up to date with current vulnerabilities, attacks, and countermeasures

You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You'll analyze incidents to figure out just how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals to stop them from succeeding. This is a great opportunity to build your cyber security skills with hands-on experience in threat assessment and incident response. Join us as we protect our clients from malicious actors.

Empower change with us.

You Have:

  • 3+ years of experience as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)
  • BA or BS degree or 4+ years of experience with equivalent cyber work
  • CompTIA Net+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA)

Nice If You Have:

  • GIAC Certified Incident Analyst (GCIA)
  • MS in Cyber Operations or related Cyber Security studies
  • Splunk Core Certified Advanced Power User

Address

Siri InfoSolutions Inc

Charlotte, NC
28246 USA

Industry

Government
