Security Analyst Project Lead (Remote)

Job Title: Security Analyst - Project Lead (Remote)

Location: Columbia SC

Duration: 12 Months

Job Description:

• Continuously review and correlate security event data across SIEM EDR IDS/IPS and threat intelligence sources to identify complex attack patterns emerging threats and security incidents.
• Perform deep-dive analysis of suspicious activity validate incidents determine root cause and impact and escalate critical incidents with detailed context to Tier 3 as required.
• Create detailed incident reports timelines and post-incident summaries; contribute to lessons-learned documentation and recommendations for remediation and preventative measures.
• Investigate user-reported phishing malware infections and potential policy violations; advise users and internal/external teams on containment and recovery actions.
• Recommend updates to SOC playbooks and workflows based on real-world Investigations fine-tune detection rules. Alert thresholds and correlation logic to reduce false positives and improve threat coverage.
• Collaborate with engineering teams to ensure monitoring tools are properly configured and tuned. Integrate new threat intelligence feeds into workflows and proactively hunt for threats using up-to date tactics techniques and procedures (TTPs)
• Serve as a customer-facing SME selling the value of DIS services by demonstrating
• capabilities and resolving issues.
• Document processes runbooks and troubleshooting steps related to SOC operations.
• Coordinate with engineering SOC and agency staff as needed to meet goals.
• Other duties as needed.

Required Skills

• 2 Years of Experience with Security Monitoring and Incident Response.
• 2 Years of Experience with MITRE ATT&CK framework.
• 2 Years of Experience with dashboard creation and reporting.

Preferred Skills

• Experience with the Palo Alto Cortex XSIAM/XDR platform.
• Knowledge of Linux network administration and network design.
• Experience in administration of firewalls VPN technology Active Directory Intrusion Detection/Prevention systems.
• Candidate is local to Columbia SC or surrounding city in South Carolina

Required Education/Certifications:

• Associates degree in an information technology or information security related field
• Four years of relevant work experience may be substituted in lieu of education

Preferred Education/Certifications:

• CISSP CISA CISO or equivalent advanced security certification.
• Additional relevant certifications (e.g. CEH OSCP GPEN).
• Vendor certifications related to information security.