VSOC Lead/SR Analyst
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
Zermount Inc. is seeking a VSOC (Virtual Security Operations Center) Lead / Senior Analyst. This is a dual-role position that combines leadership and hands-on technical expertise in cybersecurity operations. The role involves overseeing the daily operations of the VSOC, ensuring effective threat monitoring, incident response, and cybersecurity defense strategies. The individual will lead a team of analysts while performing advanced cybersecurity analysis and investigation, acting as the senior point of escalation for complex security incidents.
Duties & Responsibilities:
- Responsible for providing both management and senior SOC analyst support. Responsible for the development, updating, and maintenance of the project management plan, quality assurance plan, schedules, and processes, and for building and maintaining a strong client relationship.
- Monitor the performance and health of IT security systems, appliances, and technologies.
- Utilize proven experience with analytics capabilities and skill sets in the following:
  - Network and host-based forensics, information security investigations, incident handling and response methodologies, security tool monitoring, and analysis of log files and digital evidence in support of incident handling activities.
  - A wide variety of computer network defense, monitoring, and hunting tools, including: intrusion detection/prevention systems, next-gen firewalls and traditional firewalls, anti-virus and endpoint detection and response solutions, network packet and flow data inspection, security information and event management (SIEM) solutions, network detection and response solutions, endpoint forensics, and malware dynamic analysis.
- Provide continuous monitoring of network traffic and security device alerts.
- Provide correlation and trend analysis of security logs, network traffic, security alerts, events and incidents.
- Provide proactive monitoring and analysis activities to identify anomalous or malicious activities within the client's environment.
- Provide analysis, investigation, and documentation of events/incidents reported to or identified by the VSOC team.
- Perform and/or participate in incident handling processes, e.g., incident discovery, analysis and verification, incident tracking, containment and recovery, incident response, incident response coordination, and incident response notification.
- Develop and provide status reports as required by the client.
- Oversee and ensure that all analysis is accurate, complete, and able to pass an in-depth audit by providing all levels of documentation, evidence, and findings.
- Ensure the monitoring of the primary information security mailbox and analyze spam submissions and user inquiries per the established SOP.
- Perform a senior analyst review and quality assurance check prior to escalating any ticket to in-house SOC for final review.
- Ensure tickets are created, tracked, monitored and managed, as needed.
- Responsible for ensuring all Service Level Agreements (SLAs) are met or exceeded.
- Develop priority intelligence requirements (PIRs) and a threat landscape model and associate known actors, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs) to the PIRs and threat landscape to show direct impact and value of the CTI program.
- Use multiple cyber security open sources and the client's cyber intelligence vendor services to mine for IOCs, integrating analysis and follow-on pivoting for incorporation into network defense tools to enable proactive defense measures.
- Produce reporting (Daily Read Books, Situational Awareness Reports (SARs), Ad-Hoc Threat Intel Reports (ATIRs), Intelligence Tippers, and Threat Reports) on nation-state actors of concern to the client.
- Conduct research and maintain awareness of crimeware, ransomware, and general malicious cyber activity that might pose a threat to the client's systems, networks, and personnel; the contractor will produce products of interest as needed.
- Perform cyber threat hunting services as defined by the client's SOP.
- Update and develop appropriate documentation (e.g., Standard Operating Procedures [SOPs]), reports, etc.
- Monitor and respond to any incidents or issues affecting whether IT security technologies are performing as intended. Initiate protective or corrective measures if a security problem is discovered.
Qualifications:
- Minimum of 5 years' experience in IT Security Operations and managing IT Security programs similar in size and scope (10,000 endpoints) with 10 direct reports.
- Ability to communicate effectively both orally (in clear, plain English) and in writing (including technical documentation).
- Ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
- Experience with a depth and breadth of IT Security tools and technologies; examples of technologies used are as follows:
  - Splunk, Palo Alto Cloud Access Security Broker (CASB) & Data Loss Prevention (DLP) Solutions, Swimlane SOAR, RSA NetWitness Packet Capture/Analysis, Vectra Cognito and Stream, Carbon Black Cloud AV/EDR, Microsoft Defender for Endpoint and Identity, FireEye NX, EX, HX and AX Sandbox, & Palo Alto NGFW with WildFire Sandbox & Prisma
- Proficient in Microsoft® Office 2000 or later with particular emphasis on Microsoft® Word®, Excel®, PowerPoint®, and Project®, and other applicable database and office automation products.
- Working technical knowledge of network and host-based intrusion detection and prevention systems.
- Experience with vulnerability scanning tools and with security information and event management (SIEM) and correlation tools.
- Proven depth and breadth of experience as identified in the responsibilities section.
- Demonstrated technical experience in conducting research and providing review recommendations on incidents, threats, vulnerabilities, and risks.
- Experience with NIST Special Publications and guidance.
- Strong problem-solving and analysis skills; self-motivated and able to work and communicate in a team environment.
- Excellent communication (written and verbal) skills.
Education:
- Bachelor's degree or higher in computer science, Information Technology, Information Security, or similar fields. Relevant experience may be taken in lieu of degree.
Certifications:
- At least one (1) of the following certifications:
  - Certified Information Systems Security Professional (CISSP)
  - GIAC security certification (e.g., GCIH, GWAPT, GPEN, GSLC, etc.)
  - DOD 8570 IAM Level II or higher
Clearance level:
- A client Minimum Background Investigation (MBI) will be conducted.
Work Location:
- Remote (Initial onboarding in Arlington, VA). Minimal travel to the Washington, D.C. Metro Area may be required if requested by the client.