Lead Tier 2 SOC Analyst
| Company | Agile Defense |
|---|---|
| Location | Washington, DC, USA |
| Salary | $Not Provided – $Not Provided |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level, Senior |
Requirements
- SOC Analyst or equivalent certification is required. (Equivalent certification covers similar level of information security domains or depth of knowledge and or experience.)
- Bachelor’s degree in Computer Science or IT related disciplines
- 3 years of related experience
- Possess expert knowledge of cybersecurity incident response lifecycle.
Responsibilities
- Oversee and coordinate the end-to-end cybersecurity incident response lifecycle, including preparation, identification, containment, eradication, recovery, and lessons learned.
- Analyze and prioritize security incidents escalated from Tier 1 SOC analysts, ensuring timely and effective response to mitigate risks.
- Create, update, and maintain incident response playbooks, standard operating procedures (SOPs), and workflows to ensure consistency and efficiency in handling incidents.
- Coordinate Response Activities: Collaborate with cross-functional teams (e.g., IT, legal, compliance, and external stakeholders) during incident response to ensure alignment and effective resolution.
- Collect, review, and interpret threat intelligence from internal and external sources (e.g., open-source intelligence, commercial feeds, or industry reports) to identify potential threats and vulnerabilities.
- Communicate relevant threat intelligence findings to Tier 1 and Tier 3 teams, as well as other stakeholders, to improve situational awareness and preparedness.
- Use forensic tools and techniques to collect and preserve evidence, ensuring chain of custody for potential legal or regulatory purposes.
- Leverage Security Information and Event Management (SIEM) systems and other tools to correlate events and identify patterns of malicious activity.
- Serve as the primary point of contact for the organization’s Cybersecurity Incident Response Capability, ensuring the team is prepared to handle incidents effectively.
- Guide and mentor Tier 1 and Tier 2 analysts, providing training on incident response techniques, tools, and best practices.
- Continuously assess and enhance the CSIRC’s capabilities, including tools, processes, and team readiness, to address evolving threats.
Preferred Qualifications
- ELK Stack (Elasticsearch, Logstash, Kibana)