Senior Security (SOC) Analyst

About

UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.

By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.

Responsibilities

• Monitor and analyze security events and alerts reported by the SIEM on a 24x7 basis to identify and investigate suspicious or malicious activity, or other cyber events which violate policy.
• Work with a large team that rotates 3x12 or 4x12 hour shifts.
• Analyze logs and events from any device types which may send logs or events to the SOC in the future, including non-traditional device feeds such as Human Resources data, badging information, and physical security devices.
• Provide documentation detailing any additional information collected and maintained for each security investigation.
• Record all artifacts (emails, logs, documents, URLs, screenshots, etc.) associated with all security events and incident investigations within the SOC incident and tracking application.

Qualifications

• Active US Secret Security Clearance.
• 5+ years of experience working in a Security Operations Center (SOC) or Network Operations Center (NOC) environment performing security event monitoring and analysis.
• Working knowledge of various operating systems (Windows, OS X, Linux) commonly deployed in enterprise networks.
• Working knowledge of network communications and routing protocols (TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
• Familiarity with adversarial tactics, techniques, and procedures (TTPs).
• Capability of analyzing security logs and events from devices such as firewalls, IDS/IPS, HIDS/HIPS, proxy/web filter, vulnerability scans, routers, VPN gateways, server event logs, e-mail and host anti-virus, desktop security monitoring agents, anti-virus servers, IP services (DNS, DHCP), network address translation devices, MDM (cellphones), PKI, and cloud security infrastructure (AWS, Azure, Oracle, Salesforce).
• 8570 Certification(s): Security+ or equivalent.
• High school diploma needed.

Preferred Skills

• Certifications: Security+, GCIH, CEH, or CYSA+.
• Experience with Splunk query language.
• Experience with IDS/IPS/firewall/security configurations and signature development.
• Experience with PCAP analysis.
• Experience with Tanium threat response.
• Ability and prior experience analyzing IT security events to discern legitimate security incidents.
• Experience working with ticket management systems to collect, document, and maintain information pertinent to security investigations and incidents.
• Excellent verbal and written communication skills and ability to produce clear and thorough security incident reports and briefings.
• Experience monitoring operational status of monitoring components and escalating outages.
• Conceptual understanding of Windows Active Directory.
• Experience with various event logging systems and SIEM platforms.
• Experience identifying and implementing counter-measures or mitigating controls in enterprise networks.
• Experience collecting and maintaining information pertinent to security investigations and incidents supporting analysis, situational awareness, and law enforcement efforts.

Benefits

• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed.
• Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment).
• Group Term Life, Short-Term Disability, Long-Term Disability.
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness insurance.
• Participation in the Discretionary Time Off (DTO) Program.
• 11 Paid Holidays Annually.

Additional Information

• Must be legally allowed to work in the US, and the work must be done in the US.
• No third-party candidates will be considered.
• UltraViolet Cyber maintains broad salary ranges to account for variations in knowledge, skills, experience, market conditions, and locations.
• UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.
• If you want to make an impact, UltraViolet Cyber is the place for you!