Job Postings

Search for a Job Opening With the Help of EKHP Consulting

Open Job Positions

Security Operations Center Analyst (Tier 2)

EKHP Consulting is seeking candidates for a Security Operations Center Analyst (Tier 2) position. The position is remote. The position is for 12+ months but could be extended. The pay rate for a W2 employee is up to $57.35 per hour plus health insurance for the employee, holiday pay, and 10 days of Personal Time Off (PTO). The pay rate is up to $63.90 per hour C2C plus 10 days of PTO and company holidays, prorated based on hire date. Candidates must be US citizens.

Candidate Description

Tier 2 Security Operations Center (SOC) Analysts have experience using SIEM technologies to support in-depth investigations and threat hunting activities. Experience with McAfee Enterprise Security Manager (ESM), Splunk, or another SIEM technology is required. An understanding of ticket workflow and handling is also required.

The Tier 2 Analyst provides support to the Tier 1 SOC Analysts, which may include helping to work Tier 1 tickets and/or providing training to Tier 1 Analysts. Tier 2 SOC Analysts are also responsible for researching, responding to, and creating tickets within the ticketing system.

Tier 2 Analysts are responsible for:
• Determining the service impact of security events.
• Alerting customers to possible malicious activity.
• Working tickets via the ticketing system.
• Creating tickets for the various needs of the SOC.
• Researching and collecting data on events of interest.
• Engaging the support of Tier 3 Analysts, the Network Operations Center (NOC), Network Engineers, and/or the CSIRT (Computer Security Incident Response Team) when necessary.

Responsibilities

• Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Receive and analyze security alerts from various sources within the enterprise and determine possible causes of such alerts.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Assist in developing cybersecurity recommendations to Tier 3 based on significant threats and vulnerabilities.
• Work security tickets within established SLAs and, as needed, escalate to the customer or Tier 3, establish false positives, or contact the customer.
• Provide guidance and mentorship to Tier 1 SOC personnel.
• Contribute to the creation of process documentation and training materials.
• Be able to work a rotating on-call schedule as required.

Qualifying Experience and Attributes

• Three (3) to five (5) years of Security Incident Response, Security Operations Center, and/or threat analysis experience.
• CompTIA Security+ certification.
• Experience with one or more SIEMs: McAfee ESM, Splunk, QRadar, ArcSight, etc.
• Able to use the internet to do research on events of interest.
• Familiar with the cyber kill chain.
• Working knowledge of cybersecurity and privacy principles.
• Working knowledge of cyber threats and vulnerabilities.
• Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
• Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
• Knowledge of host/network access control mechanisms (e.g., access control lists, capability lists).
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• Knowledge of incident response and handling methodologies.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open Systems Interconnection model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of the escalation, incident management, and change management processes and procedures of the SOC.
• Good communication and interpersonal skills.
• Ability to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Proficiency in packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
• US citizen and able to pass background check(s).

Please contact kara@ekhp.consulting for more information.