Peraton · 1 day ago
CSOC Lead Analyst
Peraton is a next-generation national security company that drives missions of consequence. They are seeking a CSOC Lead Analyst to provide leadership in a Cybersecurity Operations Center, monitoring and defending critical infrastructure against cyber threats.
Information Technology · Robotics
Responsibilities
Lead a CSOC shift to monitor security reporting systems, dashboards and indicators of suspicious activity and unauthorized access for an extensive critical infrastructure covering 8 states
Validate SIEM/EDR/SOAR security alerts, open case management investigations and direct analyst staff investigations
Review open case management reports, progress investigations, assess potential risks and determine issue priority and escalation path
Review threat and vulnerability advisories issued by various government organizations
Conduct research to determine the applicability of advisories to the operator environment
Interact with internal Subject Matter Experts and functional groups to request information, discuss events, escalate issues and coordinate a response
Formulate mitigation recommendations and document investigations
Prepare shift reports and brief CSOC Manager, infrastructure stakeholders and corporate management on active investigations
Conduct open source research and stay abreast of the latest cyber threats and security tools
Perform network and systems analysis of intrusion alerts against the network infrastructure, including anomalous traffic, applications, operating systems, firewalls, proxy devices, malware detections, and security incidents or anomalies flagged by monitoring tools; triage them and escalate as warranted
Perform in-depth security analysis of firewall alerts and review system logs for suspicious patterns; perform preliminary incident response, event analysis and threat intelligence
Investigate threats across multiple data systems and create incident review cases on notable events
Investigate flagged alerts, determine if they are real threats, and follow designated response and containment procedures
Confirm continuous data flows from system logs, PCAP captures, and intelligence feeds into the SIEM systems
Review flagged events that are detrimental to the company’s overall security posture; analyze and detect sophisticated and nuanced attacks, discern false positives and draft reports of results for management
Correlate network and system sensor events
Conduct advanced forensic investigation of logs and network protocol traffic and identify anomalies and potential threats
Provide near real-time and short-term correlation of data collected by the SIEM/EDR tools and investigate threats across data types over specific study time frames or systems
Provide strategic analysis and near real-time auditing, investigating, reporting, and coordinating tracking of security-related flagged incidents
Analyze intelligence feeds from systems, other analysts, and outside agencies, and integrate learnings into protection devices
Recommend changes to security assets such as firewalls and VPNs to CSOC and security management to remediate issues or improve defensive posture
Review and process cybersecurity alerts and threat intelligence feeds and notifications provided by external government agencies and cybersecurity organizations, evaluate and recommend internal distribution as warranted
Assist with CSOC daily tasks and operations such as CSOC communications, completeness and fidelity of CSOC reports, and status of incident cases as directed by management
Recommend new and improved SIEM/EDR threat indicators
Qualifications
Required
U.S. Citizenship Required
Must have the ability to obtain and maintain a DOE L Level or DOE Secret clearance
Degree in computer science, engineering, cybersecurity, information technology, or related field
Minimum of 8 years' experience with BS/BA; minimum of 6 years with MS/MA; minimum of 3 years with PhD
Cybersecurity experience in roles such as security monitoring, threat and risk assessment, incident response, forensic analysis, offensive testing, controls assessment, vulnerability research or CSOC operations
Understanding of industry cybersecurity standards such as FISMA, NIST 800 series, and regulatory compliance requirements
Demonstrated strategic thinking, CSOC operations leadership, or broad understanding of risk management
Strong analytical and problem-solving skills to investigate and assess security risks
Excellent verbal and written communications skills
Ability to communicate technical issues to both infrastructure owners and management
Must be able to work on a 4-month 24x7x365 shift rotation schedule
Preferred
Hold a cybersecurity certification such as CISSP, CISM, SSCP, GIAC GSEC, OSCP, CEH, CISA, GIAC GCIH, or EC-Council CSA
A master's degree in computer science, engineering, cybersecurity, information technology, or related field
Benefits
Employees may be eligible for overtime
Shift differential
Discretionary bonus
Company
Peraton
Peraton: Fearlessly solving the toughest national security challenges.
Funding
Current Stage
Late Stage
Recent News
2025-09-25
Company data provided by Crunchbase