SOC Analyst II - Splunk - MetTel
Washington, DC
About the Job
MetTel is a recognized 4x Leader in the Gartner Magic Quadrant for Managed Network Services. We are a communications solutions provider delivering managed services across various mediums and systems such as cloud, network connectivity, intelligence, security, and mobility.
*The position is open to U.S. citizens or Green Card holders and requires a favorably adjudicated GSA Fitness Review for Public Trust Positions*
Job Summary:
The SOC Analyst II will be part of the MetTel Corporate SOC team, which is responsible for reducing the impact of security incidents and ensuring that critical business operations continue unhindered. The SOC Analyst will analyze security and log data, perform security incident response, conduct in-depth analysis of network and endpoint data, and incorporate threat intelligence to enhance detection and mitigation strategies.
Competencies:
• SIEM experience with Splunk is required.
• Splunk administration training highly valued.
• Experience using ticketing systems such as ServiceNow.
• Alert development based on log analysis.
• Knowledge of: Strong Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
Duties / Responsibilities:
• Monitor and analyze security events and alerts from multiple sources, including security information and event management (SIEM) software, network and host-based intrusion detection systems, firewall logs, user-reported incidents, system logs (Windows and Linux), and databases.
• Use various Security Information and Event Management (SIEM) tools, SOAR platforms and other related security management/console applications, such as network traffic and data analytics.
• Responsible for data collection, review and analysis of internal and external threats and attacks, including but not limited to alert response, Root Cause Analysis, and some forensic-level tasking.
• Analyze both raw and processed security alerts, event data and logs to identify potential security incidents, threats, mitigations, and vulnerabilities.
• Direct experience with SIEM, EDR, Anti-Virus, Firewall, Network protocols, Windows security events, Phishing mitigation, Wireshark
• Perform triage of incoming issues (assess the priority, determine risk)
• Initiate incident notification, case tracking/management, recovery actions, and report status updates.
• Participate in the remediation of incidents and responses that are generated from live threats against the enterprise.
• Support follow-on actions, such as coordinating with other organization teams to facilitate remediation of the alert/event/incident, and close out the investigation.
•Regularly communicate with engineering teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual.
•Maintain a strong awareness of the current threat landscape.
•Provide Incident Response (IR) support when analysis confirms actionable incident.
•Provide threat and vulnerability analysis as well as security advisory services.
• Perform and manage vulnerability scanning using Tenable and Nessus. Produce scan reports for analysis.
•Knowledge of network protocols, network analysis tools, and ability to perform analysis of associated network logs.
•Serve as the technical escalation point and mentor for lower-level analysts.
•Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
•Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
• Assist in real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
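The duties above call for alert development from log analysis, correlating Windows security events and triaging the result by risk. The following is an added worked example, not MetTel's code or any rule from its SOC: a brute-force correlation rule of the kind an analyst would build in a SIEM, run here over constructed Windows Security events shaped like the fields the Splunk Add-on for Windows extracts (`EventCode`, `Account_Name`, `Source_Network_Address`). Field names, the threshold, the window and all sample data are assumptions for illustration. The rule fires at "medium" when one source IP produces five or more logon failures (4625) inside a sliding ten-minute window and escalates to "high" if a successful logon (4624) for one of the targeted accounts follows from the same source, which is the case an analyst would want paged rather than queued.

```python
"""Brute-force / password-spray correlation over Windows Security events.

Added example, not code from the job posting or from MetTel. Sample events
are constructed inline; nothing is read from a live Splunk instance.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Field names assume the Splunk Add-on for Windows
# (Security log): 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    # Source A: five failures against three accounts in ~2.5 minutes, then a
    # success for one of them -> expected: one alert escalated to "high".
    {"_time": "2024-03-04T09:00:05", "EventCode": 4625, "Account_Name": "jsmith", "Source_Network_Address": "10.10.5.23"},
    {"_time": "2024-03-04T09:00:41", "EventCode": 4625, "Account_Name": "admin", "Source_Network_Address": "10.10.5.23"},
    {"_time": "2024-03-04T09:01:17", "EventCode": 4625, "Account_Name": "svc_backup", "Source_Network_Address": "10.10.5.23"},
    {"_time": "2024-03-04T09:01:52", "EventCode": 4625, "Account_Name": "JSMITH", "Source_Network_Address": "10.10.5.23"},
    {"_time": "2024-03-04T09:02:30", "EventCode": 4625, "Account_Name": "jsmith", "Source_Network_Address": "10.10.5.23"},
    {"_time": "2024-03-04T09:03:40", "EventCode": 4624, "Account_Name": "jsmith", "Source_Network_Address": "10.10.5.23"},
    # Source B: a single typo then success -> below threshold, no alert.
    {"_time": "2024-03-04T09:05:00", "EventCode": 4625, "Account_Name": "mjones", "Source_Network_Address": "10.10.7.9"},
    {"_time": "2024-03-04T09:05:30", "EventCode": 4624, "Account_Name": "mjones", "Source_Network_Address": "10.10.7.9"},
    # Source C: five failures, but 12 minutes apart -> never five inside a
    # 10-minute window, so the default rule stays silent (a wider window fires).
    {"_time": "2024-03-04T09:00:00", "EventCode": 4625, "Account_Name": "administrator", "Source_Network_Address": "192.0.2.44"},
    {"_time": "2024-03-04T09:12:00", "EventCode": 4625, "Account_Name": "administrator", "Source_Network_Address": "192.0.2.44"},
    {"_time": "2024-03-04T09:24:00", "EventCode": 4625, "Account_Name": "administrator", "Source_Network_Address": "192.0.2.44"},
    {"_time": "2024-03-04T09:36:00", "EventCode": 4625, "Account_Name": "administrator", "Source_Network_Address": "192.0.2.44"},
    {"_time": "2024-03-04T09:48:00", "EventCode": 4625, "Account_Name": "administrator", "Source_Network_Address": "192.0.2.44"},
    {"_time": "2024-03-04T09:49:30", "EventCode": 4624, "Account_Name": "administrator", "Source_Network_Address": "192.0.2.44"},
]

# Starting point for the same rule in Splunk SPL (assumed field names; this
# uses tumbling 10-minute buckets, whereas the code below slides the window):
#   index=wineventlog EventCode=4625
#   | bin _time span=10m
#   | stats count AS failures dc(Account_Name) AS accounts BY Source_Network_Address, _time
#   | where failures >= 5


def _parse_time(value: str) -> datetime:
    return datetime.fromisoformat(value)


def correlate_bruteforce(events, threshold: int = 5, window_minutes: int = 10):
    """Return one alert dict per source IP that crossed `threshold` failures
    inside a sliding window of `window_minutes`; severity is "medium", or
    "high" if a later 4624 for a targeted account arrives within the window."""
    window = timedelta(minutes=window_minutes)
    ordered = sorted(events, key=lambda e: _parse_time(e["_time"]))
    recent_failures = defaultdict(list)  # src -> [(time, account)] still inside the window
    alerts = {}                          # src -> alert dict, insertion-ordered

    for ev in ordered:
        t = _parse_time(ev["_time"])
        src = ev["Source_Network_Address"]
        acct = ev["Account_Name"].lower()  # normalise case: JSMITH == jsmith

        # Slide the window: forget failures from this source older than `window`.
        recent_failures[src] = [(ft, a) for ft, a in recent_failures[src] if t - ft <= window]

        if ev["EventCode"] == 4625:
            recent_failures[src].append((t, acct))
            if src in alerts:
                # Alert already open for this source: keep enriching it.
                alerts[src]["failure_count"] += 1
                alerts[src]["accounts"].add(acct)
                alerts[src]["last_seen"] = t
            elif len(recent_failures[src]) >= threshold:
                alerts[src] = {
                    "source": src,
                    "first_seen": recent_failures[src][0][0],
                    "last_seen": t,
                    "failure_count": len(recent_failures[src]),
                    "accounts": {a for _, a in recent_failures[src]},
                    "severity": "medium",
                    "success_account": None,
                }
        elif ev["EventCode"] == 4624:
            alert = alerts.get(src)
            # Escalate only if the success is for an account the source was
            # hammering and it lands within the window of the last failure.
            if alert and acct in alert["accounts"] and t - alert["last_seen"] <= window:
                alert["severity"] = "high"
                alert["success_account"] = acct
                alert["last_seen"] = t

    return [dict(a, accounts=sorted(a["accounts"])) for a in alerts.values()]


if __name__ == "__main__":
    for alert in correlate_bruteforce(SAMPLE_EVENTS):
        print(f"[{alert['severity'].upper()}] {alert['source']}: "
              f"{alert['failure_count']} failures against {alert['accounts']}, "
              f"success as {alert['success_account']}")
```

Two points a reviewer of such a rule would raise before deploying it: the window and threshold trade false positives (a user fat-fingering a password) against coverage (a slow spray like source C above, which only fires when the window is widened), and a production version would also filter on `Logon_Type` and suppress known scanners or vulnerability-scanning hosts, otherwise the Tenable/Nessus credentialed scans the same team runs will trip it.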
Travel Required
Occasional travel to company HQ
Education and Experience Required
• Bachelor's degree in Computer Science (Computer Security/Information Security degree preferred); in lieu of a degree, additional experience will be considered.
•3+ years' experience working within a Security Operations Center.
•Knowledge of and experience with intrusion detection/prevention systems and SIEM software
•Experience analyzing network and host-based security events.
• Knowledge of various security methodologies and processes, and technical security solutions
• Knowledge of the incident response life cycle and its steps
•Knowledge of TCP/IP protocols, network analysis, and network/security applications
•Knowledge of common Internet protocols and applications
•Experience working within 1 or more SOAR platforms preferred.
•Excellent written and oral communication skills.
•Self-motivated and able to work in an independent manner.
Preferred Education and Experience
• Knowledge of: Strong Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions
• Splunk certification(s) in administration, SOAR or Enterprise Security
• Pen testing experience a plus
Why MetTel
MetTel is a leading global solution provider of communications technology for business, backed by the nation's leading carriers. Recognized for our flexible and customer-driven approach, MetTel services countless universal brands, Fortune 500 organizations and the U.S. government, developing and implementing their tech strategies while revamping all operations with our proprietary cloud-platform. With over 20 years of legacy experience, MetTel is now generating industry-buzz around our pioneering role in the advanced technology and mobile space thanks to industry-first Cross-Carrier pooling solutions, unparalleled coverage, and a front-line portfolio.