Interview Process: 1 Round of Virtual/Online Interviews - potential for second round of in-person interviews
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Work Location: Role is 100% Remote
Candidate location: No SC residency required. Open to nationwide candidates.
Additional Information: Preference will be given to candidates that are local to SC and are able to come onsite for project needs.
Daily Duties / Responsibilities:
- Continuously review and correlate security event data across SIEM, EDR, IDS/IPS, and threat intelligence sources to identify complex attack patterns, emerging threats, and security incidents.
- Perform deep-dive analysis of suspicious activity, validate incidents, determine root cause and impact, and escalate critical incidents with detailed context to Tier 3 as required.
- Create detailed incident reports, timelines, and post-incident summaries; contribute to lessons-learned documentation and recommendations for remediation and preventative measures.
- Investigate user-reported phishing, malware infections, and potential policy violations; advise users and internal/external teams on containment and recovery actions.
- Recommend updates to SOC playbooks and workflows based on real-world investigations; fine-tune detection rules, alert thresholds, and correlation logic to reduce false positives and improve threat coverage.
- Collaborate with engineering teams to ensure monitoring tools are properly configured and tuned. Integrate new threat intelligence feeds into workflows and proactively hunt for threats using up-to-date tactics, techniques, and procedures (TTPs).
- Serve as a customer-facing SME selling the value of DIS services by demonstrating capabilities and resolving issues.
- Document processes, runbooks, and troubleshooting steps related to SOC operations.
- Coordinate with engineering, SOC, and agency staff as needed to meet goals.
- Other duties as needed.

Required Skills (ranked in order of importance):
- 2 years of experience with security monitoring and incident response.
- 2 years of experience with the MITRE ATT&CK framework.
- 2 years of experience with dashboard creation and reporting.

Preferred Skills (ranked in order of importance):
- Experience with the Palo Alto Cortex XSIAM/XDR platform.
- Knowledge of Linux, network administration, and network design.
- Experience in administration of firewalls, VPN technology, Active Directory, and Intrusion Detection/Prevention systems.
- Candidate is local to Columbia, SC, or a surrounding city in South Carolina.

Required Education/Certifications:
- Associate's degree in an information technology or information security related field.
- Four years of relevant work experience may be substituted in lieu of education.
- Two years of experience in supporting large SOC operations.

Preferred Education/Certifications:
- CISSP, CISA, CISO, or equivalent advanced security certification.
- Additional relevant certifications (e.g. CEH, OSCP, GPEN).
- Vendor certifications related to information security.