HHS SOC Analyst

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a SOC Analyst to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
Minimum 58 years of experience in SOC operations incident response or cybersecurity operations.
Hands-on experience with SIEM (Splunk) EDR (CrowdStrike) vulnerability tools and forensic tools.
Strong understanding of NIST SP 800-61 NIST 800-53 FISMA and federal incident response requirements.
Experience analyzing malware network traffic logs and cloud security events.
Ability to operate effectively in a 24x7 on-call SOC environment.
Strong written and verbal communication skills.
GCIH GCFA CISSP CEH or Security (preferred)

Duties:

Perform Tier 2/3 security event triage investigation and incident response in accordance with HRSA Incident Response Plans SOC SOPs and NIST SP 800-61.
Analyze alerts from SIEM EDR CSPM WAF and other SOC tools; determine scope severity and impact.
Conduct advanced threat hunting malware analysis and investigation of Indicators of Compromise (IOCs).
Support containment eradication and recovery actions for cybersecurity incidents.
Perform digital forensic analysis and preserve evidence following chain-of-custody procedures.
Develop and tune SIEM correlation rules detection logic dashboards and reports.
Support ransomware insider threat phishing DDoS and data breach investigations.
Produce incident reports forensic reports weekly SOC reports and final incident documentation.
Coordinate incident response activities with HRSA leadership system owners HHS CSIRC and CISA.
Participate in cyber exercises tabletop exercises and after-action reviews.
Maintain incident response SLAs for alert triage containment reporting and recovery validation.
Support FOIA searches OGC litigation holds and OIG investigations as required.
Develop scripts and automation to improve SOC efficiency.
Maintain and update incident response playbooks SOPs and workflows.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
Minimum 58 years of experience in SOC operations incident response or cybersecurity operations.
Hands-on experience with SIEM (Splunk) EDR (CrowdStrike) vulnerability tools and forensic tools.
Strong understanding of NIST SP 800-61 NIST 800-53 FISMA and federal incident response requirements.
Experience analyzing malware network traffic logs and cloud security events.
Ability to operate effectively in a 24x7 on-call SOC environment.
Strong written and verbal communication skills.
GCIH GCFA CISSP CEH or Security (preferred)

Duties:

Perform Tier 2/3 security event triage investigation and incident response in accordance with HRSA Incident Response Plans SOC SOPs and NIST SP 800-61.
Analyze alerts from SIEM EDR CSPM WAF and other SOC tools; determine scope severity and impact.
Conduct advanced threat hunting malware analysis and investigation of Indicators of Compromise (IOCs).
Support containment eradication and recovery actions for cybersecurity incidents.
Perform digital forensic analysis and preserve evidence following chain-of-custody procedures.
Develop and tune SIEM correlation rules detection logic dashboards and reports.
Support ransomware insider threat phishing DDoS and data breach investigations.
Produce incident reports forensic reports weekly SOC reports and final incident documentation.
Coordinate incident response activities with HRSA leadership system owners HHS CSIRC and CISA.
Participate in cyber exercises tabletop exercises and after-action reviews.
Maintain incident response SLAs for alert triage containment reporting and recovery validation.
Support FOIA searches OGC litigation holds and OIG investigations as required.
Develop scripts and automation to improve SOC efficiency.
Maintain and update incident response playbooks SOPs and workflows.