Title: Security Operation Center Analyst III
Term: 12+ months
Location: Lawrenceville, GA
The Security Operation Center (SOC) Analyst is a key member of the team and will have strong operational and analytical experience in threat hunting and detection.
- Research and understand cybersecurity threats, threat actors, trends in adversary activity, attack vectors and tactics, techniques and procedures (TTPs), and use this knowledge to proactively hunt for threats.
- Use threat modelling and attack frameworks to develop advanced detection mechanisms across a variety of security tools and technologies in order to identify, detect and respond to malicious activity.
- Leverage intelligence derived from threat hunting to improve overall security operations, tool visibility, threat awareness, and detection and response.
- Continually build automation and tooling capabilities for the deployment and management of our internal security services.
- Contribute to the development of advanced threat actor profiles specific to Gwinnett County, based on analysis of acquired malware samples.
- Communicate effectively with both technical and management audiences.
- Interpret and analyze data from multiple sources, providing key analytics.
- Document findings in an easy-to-read format.
- Perform other duties and responsibilities as necessary.
- 5+ years of experience in IT Security Threat hunting and Detection.
- Tier 3 incident response experience
- Experience in SIEM event auditing, log review and incident response
- Windows and Linux system administration experience preferred
- Experience with network- and host-based collection tools and log formats such as Snort, Nxlog, CEF, or commercial Endpoint Detection and Response (EDR) platforms.
- Understanding of network architecture.
- Experience working with internal and client ticketing and knowledge base systems for incident and problem tracking and report creation
- Excellent time management, reporting, and communication skills.
- Superior IT problem-solving skills.
- Bachelor's degree in information systems, information security, computer science, engineering, or similar technical field of study
- Scripting or programming skills in a common language such as Python, Bash or another shell, PowerShell, or Windows batch
- General security knowledge, demonstrated by GIAC, CEH, Security+ or other security certifications.
- Experience with other security solutions, such as EDR, firewalls, DLP, IAM, IDS/IPS, and vulnerability assessment tools.
- Experience leading technical projects.
- Familiarity with NIST frameworks, PCI DSS, HIPAA and CJIS.
- Ability to handle multiple projects under tight deadlines.