Feb 26
Top Secret
Senior Level Career (10+ yrs experience)
IT - Data Science
Naval Base Ventura County, CA (On/Off-Site)
Position Description
The Senior SOC Analyst team member is responsible for the analysis of all technology devices which may
include Operational Technology (OT) and Industrial Control Systems (ICS) within enterprise. This includes
analytical analysis of device communication, forensic analysis of Windows or Linux systems and servers,
timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis,
and malware identification/triage.
An ideal candidate for this position will be a proactive self-starter who has experience with system
administration, Windows and Linux operating systems (OS) mechanics and filesystem structures, disk
and memory forensics, commonly abused tools/vectors for persistence, privilege escalation, and lateral
movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior, with
respect to the environment they are found in. This role requires a familiarity with what routine OS
activities and common software/user behavior looks like in the context of forensic artifacts or timelines.
Analysts should also be familiar with common categories and formats of host-based indicators of
compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an
endpoint. Candidate will utilize the Cyber Kill Chain and define the entire attack life cycle along with
creating detailed reports on how impacts may or have occurred.
As a senior role candidate will assist in reviews and provide feedback to journeyman and junior analysts’
investigation and facilitate discussions on recommendations on improving SOC visibility, efficiency,
and/or processes. Secondary role will also focus on identifying unusual files, scripts, configurations, and
user activity based on bulk aggregation via an Endpoint Detection and Response (EDR) or triage tools,
and coordinate forensics centric efforts with case management oversight.
Responsibilities
Support client leaders in establishing and managing a Security Operations Center (SOC) to
provide a secure environment that facilitates incident response and threat hunting activities.
Provide oversight over more junior cyber analysts and assist client with prioritization and
milestone tracking for efforts related to the SOC
Manage the security information and event management (SIEM) platform to monitor for
security alerts and coordinate vulnerability assessments and artifact collection across servers
and network devices
Evaluate network structures and device configurations for security risks, offering
recommendations based on best practices, and gather data to identify and respond to network
intrusions
Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited,
and methods used, and develop processes to enhance SOC response and efficiency
Conduct comprehensive technical analyses of computer evidence, research and integrate new
security tools into the SOC, and synthesize findings into reports for both technical and non-
technical audiences
Preform forensic analysis of Windows and Linux clients and servers, other control operating
systems, timeline analysis of activity on these endpoints, user permission and authentication
audits, log analysis, and malware identification/triage.
Qualifications
(Senior level) At least 5 years of experience in security operations, demonstrating leadership in
customer-facing roles
Deep understanding in host/network forensics software tool kits (e.g. MAGNET, EnCase,
Sleuthkit, FTK)
Understands evidence handling processes and procedures specifically in DoD environments
Able to ensure completed collection of artifacts to provided best possible outcome of a case
Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages,
system/application vulnerabilities, and compliance with Department of Defense (DoD) policies
and procedures
Extensive knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH,
SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware,
Security Center
Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and
familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across
multiple locations
Desired Skill sets
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)
Strong analytical and troubleshooting skills
Proficient in forensics software tool kit (MAGNET)
Able to provide expert content development in Splunk Enterprise Security using tstats and data
models
Understands how to utilize knowledge of latest threats and attack vectors to develop correlation
rules for continuous monitoring on various security appliances
Experience in other tools and communication languages as applicable such as Nessus, Endgame,
CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP
Review logs to determine if relevant data is present to accelerate against data models to work
with existing use cases
Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology
certification
Examples of other certifications include:
DoD 8570 Cyber Security Service Provider (CSSP) or IAT Level II complaint
Certified Ethical Hacker (CEH)
Certified First Responder (CFR)
Computer Hacking Forensic Investigator (CHFI)
CompTIA Cyber Security Analyst (CySA+)
Global Information Assurance Certification (GIAC) Certifications
o Network Forensic Analyst (GNFA).
o Certified Intrusion Analyst (GCIA).
o Certified Incident Handler (GCIH).
Additional certifications at an equivalent may also be considered.
The Senior SOC Analyst team member is responsible for the analysis of all technology devices which may
include Operational Technology (OT) and Industrial Control Systems (ICS) within enterprise. This includes
analytical analysis of device communication, forensic analysis of Windows or Linux systems and servers,
timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis,
and malware identification/triage.
An ideal candidate for this position will be a proactive self-starter who has experience with system
administration, Windows and Linux operating systems (OS) mechanics and filesystem structures, disk
and memory forensics, commonly abused tools/vectors for persistence, privilege escalation, and lateral
movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior, with
respect to the environment they are found in. This role requires a familiarity with what routine OS
activities and common software/user behavior looks like in the context of forensic artifacts or timelines.
Analysts should also be familiar with common categories and formats of host-based indicators of
compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an
endpoint. Candidate will utilize the Cyber Kill Chain and define the entire attack life cycle along with
creating detailed reports on how impacts may or have occurred.
As a senior role candidate will assist in reviews and provide feedback to journeyman and junior analysts’
investigation and facilitate discussions on recommendations on improving SOC visibility, efficiency,
and/or processes. Secondary role will also focus on identifying unusual files, scripts, configurations, and
user activity based on bulk aggregation via an Endpoint Detection and Response (EDR) or triage tools,
and coordinate forensics centric efforts with case management oversight.
Responsibilities
Support client leaders in establishing and managing a Security Operations Center (SOC) to
provide a secure environment that facilitates incident response and threat hunting activities.
Provide oversight over more junior cyber analysts and assist client with prioritization and
milestone tracking for efforts related to the SOC
Manage the security information and event management (SIEM) platform to monitor for
security alerts and coordinate vulnerability assessments and artifact collection across servers
and network devices
Evaluate network structures and device configurations for security risks, offering
recommendations based on best practices, and gather data to identify and respond to network
intrusions
Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited,
and methods used, and develop processes to enhance SOC response and efficiency
Conduct comprehensive technical analyses of computer evidence, research and integrate new
security tools into the SOC, and synthesize findings into reports for both technical and non-
technical audiences
Preform forensic analysis of Windows and Linux clients and servers, other control operating
systems, timeline analysis of activity on these endpoints, user permission and authentication
audits, log analysis, and malware identification/triage.
Qualifications
(Senior level) At least 5 years of experience in security operations, demonstrating leadership in
customer-facing roles
Deep understanding in host/network forensics software tool kits (e.g. MAGNET, EnCase,
Sleuthkit, FTK)
Understands evidence handling processes and procedures specifically in DoD environments
Able to ensure completed collection of artifacts to provided best possible outcome of a case
Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages,
system/application vulnerabilities, and compliance with Department of Defense (DoD) policies
and procedures
Extensive knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH,
SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware,
Security Center
Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and
familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across
multiple locations
Desired Skill sets
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)
Strong analytical and troubleshooting skills
Proficient in forensics software tool kit (MAGNET)
Able to provide expert content development in Splunk Enterprise Security using tstats and data
models
Understands how to utilize knowledge of latest threats and attack vectors to develop correlation
rules for continuous monitoring on various security appliances
Experience in other tools and communication languages as applicable such as Nessus, Endgame,
CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP
Review logs to determine if relevant data is present to accelerate against data models to work
with existing use cases
Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology
certification
Examples of other certifications include:
DoD 8570 Cyber Security Service Provider (CSSP) or IAT Level II complaint
Certified Ethical Hacker (CEH)
Certified First Responder (CFR)
Computer Hacking Forensic Investigator (CHFI)
CompTIA Cyber Security Analyst (CySA+)
Global Information Assurance Certification (GIAC) Certifications
o Network Forensic Analyst (GNFA).
o Certified Intrusion Analyst (GCIA).
o Certified Incident Handler (GCIH).
Additional certifications at an equivalent may also be considered.
group id: 91129865
