Digital Forensic SOC Analyst

Report to Director of Security Operations or his/her designeeProvide SOC Analyst Tier 3 escalation supportPlan, initiate, and conduct investigations for cybersecurity incidents response effortsPerform forensic examinations on compromised systemsUnderstand and use forensic tools and techniques for cybersecurity incidentsCreate forensic root cause and scope of impact analysis reportsContribute to technical briefings on the details of forensics exams and reportProvide support in conducting malware analysis of attacker toolsStay current on incident response and digital forensics skills, best practices, and toolsTrain SOC analysts on usage of SIEM tools (Splunk), and basic event analysisDevelop rules and tune SIEM and related tools to streamline the event analysis done by the SOCAssist developing new processes and procedures for SOC monitoringMonitor networks for threats from external and internal sourcesAnalyze network traffic of compromised systems and networksCorrelate actionable security events from various sourcesReview threat data and develop custom detection signaturesGather and analyze threat intelligence data and conduct threat huntingUnderstand cybersecurity attacks and tactics, techniques, and procedures (TTPs) associated with advanced threatsCommunicate clearly with Government counterparts, and SOC customersDevelopment and implementation and operational and technical incident response processes, procedure, guidance, and standardsAbility to work outside of regular business hours, the role may require on-call support after regular business hours or weekends.