CSOC Cyber Incident Response Tier II Analyst

Job Location: Austin - USA
Monthly Salary: Not Disclosed
Vacancy: 1 Vacancy
Job Description

Location: Onsite in Hines, IL; Martinsburg, WV; or Austin, TX
Required Clearance: Ability to obtain a Tier 4 / High Risk Background Investigation
Required Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience)
Required Experience: 3 years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)

Description

PingWind is seeking a Cyber Incident Response Tier II Analyst to support our VA customer at Hines, IL; Martinsburg, WV; or Austin, TX.

Certifications: Must currently have or be willing to obtain one of the following certifications (or equivalent):

GIAC Certified Incident Handler (GCIH)
EC-Council Certified Incident Handler (ECIH)
Incident Handling & Response Professional (IHRP)
Certified Computer Security Incident Handler (CSIH)
Certified Incident Handling Engineer (CIHE)
EC-Council Certified Ethical Hacker (CEH)

Responsibilities

Perform real-time monitoring and triage of security alerts in cybersecurity toolsets, including SIEM and EDR
Accurately determine which alerts are false positives and which require further investigation, and prioritize accordingly
Lead and actively participate in the investigation, analysis, and resolution of cybersecurity incidents. Analyze attack patterns, determine the root cause, and recommend appropriate remediation measures to prevent recurrence
Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned. Collaborate with knowledge management teams to keep incident response playbooks up to date
Collaborate effectively with cross-functional teams, including forensics, threat intelligence, IT, and network administrators. Clearly communicate technical information and incident-related updates to management and stakeholders
Identify and act on opportunities to tune alerts so that the incident response team operates more efficiently
Regularly monitor the performance of security analytics and automation processes, identify areas for improvement, and take proactive measures to improve their efficacy
Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response processes, including enrichment, containment, and remediation actions
Support the mentoring and training of more junior IR staff
Stay informed about the latest cybersecurity threats, trends, and best practices. Actively participate in cybersecurity exercises, drills, and simulations to improve incident response capabilities

Requirements

Work 100% onsite, Tuesday through Saturday
A deep understanding of cybersecurity principles and incident response methodologies, and a proactive mindset to ensure our SOC operates effectively in a high-pressure environment
Strong experience with security technologies, including SIEM, IDS/IPS, EDR, and network monitoring tools
Experience with enterprise ticketing systems such as ServiceNow
Excellent analytical and problem-solving skills
Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight
Ability to learn quickly and function in multiple capacities
Strong verbal and written communication skills

Preferred Qualifications

Ability to investigate Indicators of Compromise (IOCs) using Splunk by correlating logs from multiple sources to detect, trace, and assess threat activity across the enterprise
Experience leveraging Microsoft Defender for Endpoint (MDE) to perform endpoint investigations, analyze process trees, and validate IOCs during active threat scenarios
Ability to remediate phishing incidents, including analysis of email headers, links, and attachments; identifying impacted users; and executing containment actions such as user lockouts, email quarantine, and domain blocklisting
Experience performing root cause analysis of PowerShell-based malware using tools such as MDE advanced hunting (KQL) and Splunk to identify infection paths, attacker behavior, and persistence mechanisms
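As an added illustration of the MDE advanced hunting work the last two preferred qualifications describe (process-tree analysis and PowerShell persistence hunting), the query below is example code written for this page, not material from the posting or from PingWind. It uses the documented DeviceProcessEvents and DeviceRegistryEvents schema; the 7-day lookback, the Office parent list, the command-line indicators and the one-hour persistence window are assumptions chosen for the example.

```kusto
// Added example (not from the posting). Reconstructs the process tree for PowerShell
// launched by an Office application or carrying download/encoded-command indicators,
// then joins any Run/RunOnce registry value written by that same PowerShell process.
// Lookback, parent list, indicator strings and the 1h window are assumptions.
let lookback = 7d;
let officeParents = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
let suspiciousPs = DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where InitiatingProcessFileName in~ (officeParents)
      or ProcessCommandLine has_any ("EncodedCommand", "FromBase64String", "DownloadString", "Invoke-Expression", "IEX")
      or ProcessCommandLine matches regex @"(?i)\s-e(c|nc)\s"   // abbreviated -EncodedCommand switches
| project PsTime = Timestamp, DeviceName, AccountName,
          GrandParent = InitiatingProcessParentFileName,
          Parent = InitiatingProcessFileName, ParentCmd = InitiatingProcessCommandLine,
          PsPid = ProcessId, PsCmd = ProcessCommandLine, PsSha256 = SHA256;
// Persistence: Run/RunOnce values set by any process, keyed on the writing process id
let runKeys = DeviceRegistryEvents
| where Timestamp > ago(lookback)
| where ActionType == "RegistryValueSet"
| where RegistryKey has @"\CurrentVersion\Run"
| project RegTime = Timestamp, DeviceName, InitiatingProcessId,
          RegistryKey, RegistryValueName, RegistryValueData;
// Left outer join so PowerShell hits with no persistence are still listed;
// the time window guards against PID reuse on long-lived hosts.
suspiciousPs
| join kind=leftouter runKeys on DeviceName, $left.PsPid == $right.InitiatingProcessId
| where isnull(RegTime) or RegTime between (PsTime .. (PsTime + 1h))
| project PsTime, DeviceName, AccountName, GrandParent, Parent, ParentCmd, PsCmd, PsSha256,
          RegistryKey, RegistryValueName, RegistryValueData
| order by PsTime desc
```

Run it in the Advanced hunting pane; a row with a populated RegistryKey is a PowerShell instance that both matched the launch indicators and wrote a Run key within an hour, which is the infection path plus persistence pairing the role asks for. Rows with empty registry columns still need the process tree reviewed, and a hit on the process-id join should be confirmed against Timestamp and command line before being treated as the same process, since process ids are reused.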

About PingWind
PingWind is focused on delivering outstanding services to the federal government. We have extensive experience in the fields of cybersecurity, development, IT infrastructure, supply chain management, and other professional services such as system design and continuous improvement. PingWind is an SBA-certified Service-Disabled Veteran-Owned Small Business (SDVOSB) with offices in Northern Virginia and Huntsville, AL.

Required Experience: IC

Employment Type: Full-Time