Northramp is looking for smart, creative individuals interested in helping grow something truly unique in our markets.
As a Tier 2 SOC Incident Responder, you and the team will be responsible for staffing a 24x7x365 coordination center and responding to escalated alerts and notifications, handling communications, and carrying out incident response activities such as tracking the incident, communicating with stakeholders, taking remediation and recovery actions, and reporting. You will ensure that reports are properly entered into the incident tracking system and will coordinate with the reporting entity to gain a full understanding of the event and its details. You are expected to have knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors, and to be able to comprehend reports and determine what additional action and response activities may be required to resolve an incident. You will follow established SOPs, policies, and other procedures for escalation, notification of Federal leadership, and reporting. The ideal candidate must have a strong understanding of Splunk SIEM and supporting forensic tools.
We are currently looking for a Tier 2 SOC Incident Responder who will:
- Perform incident response analysis to uncover attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
- Participate in the remediation of incidents and responses generated from live threats against the enterprise.
- Record and report all incidents per Federal policy, department policy, and legislation.
- Create and track network incidents and investigations through completion.
- Serve as the point person for Incident Management, coordinating and assigning activity for all entities party to an incident response event.
- Monitor security events received through alerts from SIEM or other security tools
- Review alerts escalated by end users.
- Carry out Level 2 triage of incoming incidents (initial IR assessment of the priority of the event, initial determination of the nature of the incident to assess risk and damage, or appropriate routing of security or privacy data requests).
- Maintain assigned ticket queue
- As needed, serve as the incident response event point person and liaison to enterprise teams, responding to crisis or urgent situations aimed at preparing for, mitigating, responding to, and recovering systems from incidents. Coordinate resources, activities, and timelines during security incidents (e.g. data breaches, ransomware events) to ensure a unified, structured response.
- Review and recommend technical, process, and physical controls to counteract damage from breach events
- Support/develop reports during and after incidents, documenting all actions taken to mitigate the incident, recover, and return to normal operations.
- Support forensic investigators and application security analysts in reactive and proactive Threat Hunting engagements, performing endpoint, network, and log analysis
Required Qualifications
- 5+ years of relevant work experience
- US Citizenship and must be able to pass background investigation
- One of the following certifications is strongly preferred: CISSP, GCIH, GCIA, GCED
- Demonstrated proficiency in the Incident Response process as well as in threat hunting and SOC operations.
- IDS monitoring and analysis; analyzing network traffic and logs; prioritizing and differentiating between potential intrusion attempts and false alarms.
- Good understanding of system log information and what it means, and of where to collect specific data/attributes as required for a given incident (host, network, cloud, etc.).
- Strong understanding of enterprise networking (host-based firewalls, anti-malware, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems operations, and TCP/IP protocols; experience providing analysis and trending of security log data.
- Experience creating and tracking investigations to resolution
- Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.io, Tenable.sc, QualysGuard, etc.
- Experience with endpoint security solutions, including but not limited to FireEye solutions, antivirus solutions, and EDR tools.
- Advisory experience in compliance or regulatory frameworks (e.g. FISMA, PCI, GDPR, NIST, ISO).
- Solid understanding of application, database, authentication, and network security principles; able to demonstrate how network services and protocols interact to provide communications; knowledge of evidence recovery techniques, log data analytics, incident categories, IR event handling methodologies, intrusion detection systems, and network protocol and packet analysis.
- Understanding of system and application security, systems and network administration and operating system hardening techniques
- Knowledge of the general stages of a cyber attack, profiling techniques, and techniques for detecting host- and network-based intrusions.
- Knowledge of evidence recovery techniques, preservation of evidence integrity, and forensically sound collection of images, logs, and other critical components in order to determine possible mitigation/remediation of systems.
- Ability to perform or direct malware analysis, threat hunting, and incident response.
- Understanding of Computer Network Defense (CND) policies, procedures, and regulations
- Ability to convey complex technical security concepts to technical and non-technical audiences during crisis situations (e.g. executive or board level presentations).
- Ability to work with or support senior business leaders to understand business objectives/functions, identify risk factors, and communicate effective mitigation strategies
- Excellent organizational, verbal, presentation/facilitation, and written communication skills
- Experience composing security alert notifications
- Ability to concisely communicate events of a technical nature to incident responders to assist in the investigation and resolution of computer security incidents.
- Very strong spoken and written communication and organizational skills
Clearance
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
About Northramp
At Northramp, our passion, our true north, is to help our clients cut through the fog and obtain technical and operational clarity to help them make the most significant impact possible. Focused like a laser on driving value for our clients, Northramp specializes in helping public and private sector clients streamline their IT operations, improve their technical services, and drive greater returns from IT investments.
If you are curious to learn more about Northramp, please visit our website at https://www.northramp.com.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
Reasonable Accommodation Requests
Northramp is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail PeopleOPS@northramp.com or call: 703-772-5588 - Northramp Human Resources. We will make a determination on your request for reasonable accommodation on a case-by-case basis.
EEO is the Law
The law requires Northramp to post a notice describing the Federal laws prohibiting job discrimination. For information regarding your legal rights and protections, please click on the following link: EEO is the Law and EEO is the Law Supplement.
Pay Transparency Non-Discrimination
Northramp will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.
E-Verify
As a Federal Contractor, Northramp is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.