Level 2 SOC Analyst

Insight Global is looking for a Level 2 SOC Analyst to support a 24/7 Global SOC Team that operates in three shifts (6 am - 2pm, 2pm - 10pm, 10pm - 6 am). The selected resource will be responsible for conducting preliminary incident triage according to the Security Incident Management Triage Matrix and prioritize / escalate as appropriate. The selected resource will be leading in the detection, triage, analysis and response to cyber-attacks. The resource will also be training and mentoring Level 1 Peers to improve SOC Analyst capability, as well as providing insight and expertise to examine malware, attack vectors, network communication and determine target network capabilities and vulnerabilities.

* 2-5 years of security analyst experience, preferably in a managed services environment.

Must hold a Government issued Secret Clearance (Level II)

* Proven experience with operations using commonly used information security solutions (with focus on Splunk, QRadar, Crowdstrike, Sentinel, TrendMicro)

* Proven technology knowledge of Windows, Active Directory, Linux, SIEM Solutions, Antivirus software, Proxy.

* Experience in Cloud Security monitoring and in advanced analytics (UEBA)

* Knowledge of the most common and used frameworks (E.g., NIST CSF, ISO2700x, CMM SOC, etc.)

* Sound experience on programming languages: Python and/or R. and/or PowerShell

* Experience in REST API interfaces to support data collection or integration.

* Proven knowledge of current security threats, techniques, and landscape, and a dedicated and self-driven desire to research and learn more about the information security landscape.

* Review and triage experience with endpoint detection and response tools

* Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.

* Strong analytical skills, decision making, being able to work under time pressure, cooperating with other people and using the escalation processes when necessary.

* Experience in technical Team coordination/management would be a plus.

* CompTIA Security+, GIAC Security Essentials Certification (GSEC), SIEM & EDR Foundation certificates (Such as Microsoft Sentinel and Defender).

* Microsoft, Splunk, SANS.org security certifications related to SIEM, EDR products and operations (in example Microsoft AZ-500)

* A minimum of 2 years hands on experience with one or more of the following areas:

o Operation and Implementation of SIEM solutions including:

QRadar or Splunk and Microsoft Sentinel.

o Operation and Implementation of Security Automation solutions including:

Thorough knowledge of SOAR (Security Orchestration Automation & Response) technologies.

o Desing and Implementation of Monitoring strategy including:

Thorough knowledge on defining data sources monitoring based on clients' business

Thorough knowledge on MITRE Frameworks (ATT&CK, D3FEND)

Familiar with Cyber Kill Chain

o Desing and Implementation of Configuration Governance solutions including:

Thorough knowledge on how to operationalize ongoing security configuration governance service using SOC standard methodologies, metrics, KPIs, KRIs, Operational Procedures.

o Cyber Network Operations/Penetration Test Methodologies and tools like Metasploit, Kali Linux, Cobalt Strike etc.,

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.