SOC Analyst -Tier 2

Hire IT People Inc.
Washington, District of Columbia, United States
February 15, 2018

JOB ID: SOC Analyst -Tier 2 (527596).

Rate may vary depending on candidate preference for either W-2 (benefits or no benefits) or must have an 'LLC' (limited liability corporation).

Location: Washington, DC

Years of experience: 6+ years' experience.

Duration: 9/30/18 +

Number of positions: 1

Interviews: Either WebCam or in-person.


The SOC Analyst is a tier 2 tech resource responsible for monitoring, detecting, analyzing, remediating, and reporting on cyber events and incidents impacting the tech infrastructure of the District of Columbia. Serves as advanced escalation point.

The SOC Analyst - Tier 2 is a cybersecurity technical resource responsible for providing technical analytical guidance to a team of Tier 1 SOC Analysts to monitor, detect, analyze, remediate, and report on cybersecurity events and incidents impacting the technology infrastructure of the Government of the District of Columbia. The ideal candidate will have an advanced technical background with experience in an enterprise successfully leading a SOC unit or area of responsibility for analysis and correlation of cybersecurity event, log, and alert data. The candidate will be skilled in understanding, recognition, and root-cause detection of cybersecurity exploits, vulnerabilities, and intrusions in host- and network-based systems.


Utilize technical background and experience in information technology and incident response handling to scrutinize and provide corrective analysis to escalated cybersecurity events from Tier 1 SOC Analysts, distinguishing these events from benign activities, and escalating confirmed incidents to Tier 3 Analysts.

Provide in-depth cybersecurity analysis, and trending/correlation of large data sets such as logs, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents, and make sound technical recommendations that enable expeditious remediation.

Proactively search through log, network, and system data to find and identify undetected threats.

Support security tool/application tuning engagements, using McAfee ESM and McAfee ePO, with analysts and engineers to develop/adjust rules and analyze/develop related response procedures, and reduce false positives from

Identify and ingest indicators of compromise (IOCs) (e.g., malicious IPs/URLs, etc.) into network security tools/applications to protect the Government of the District of Columbia network.

Quality-proof technical advisories and assessments prior to release from the SOC.

Coordinate with and provide in-depth technical support to enterprise-wide technicians and staff to resolve confirmed incidents.

Report common and repeat problems, observed via trend analysis, to Tier 3 SOC Analysts and propose process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling.

Support development of technical best-practice SOPs and runbooks for SOC Analysts.

Respond to inbound requests via phone and other electronic means for technical assistance, and resolve problems with minimal supervision. Coordinate escalations with Tier 3 SOC Analysts and collaborate with internal technology teams to ensure timely resolution of issues.


Two to three years of demonstrated operational experience as a cybersecurity analyst/engineer handling cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management.

In-depth understanding of current cybersecurity threats, attacks, and countermeasures for adversarial activities such as probing and scanning, phishing, ransomware, command and control (C2) activity, distributed denial of service (DDoS), etc.

In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, secure coding, etc.

Strong communication, interpersonal, organizational, oral, and customer service skills.

Strong knowledge of TCP/IP protocols, services, and

Knowledge of forensic analysis techniques for common operating systems.

Adept at proactive search, solicitation, and detailed technical analysis of threat intelligence (e.g., exploits, IOCs, hacking tools, vulnerabilities, threat actor TTPs) derived from open-source resources and external entities, to identify cybersecurity threats and derive countermeasures not previously ingested into network security tools/applications, to apply to protect the Government of the District of Columbia network.

Demonstrated ability to multi-task, prioritize, and manage time and tasks effectively.

Demonstrated ability to work effectively in stressful

Strong attention to detail.

Undergraduate degree in computer science, information technology, or related field.

SANS GCIA, GCIH, GCED, GPEN, or similar industry certification desired.

This position requires shift work, and the capacity to be on-call after hours and in support of emergency and special event operations. This position does not require a U.S. Government security clearance. A background check to include criminal and credit check is required. Ongoing travel is not anticipated.

Complete Description


1. Determines enterprise information assurance and security standards.

2. Develops and implements information assurance/security standards and

3. Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers' requirements.

4. Identifies, reports, and resolves security violations.

5. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.

6. Supports customers at the highest levels in the development and implementation of doctrine and policies.

7. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.

8. Performs analysis, design, and development of security features for system architectures.

9. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers.

10. Designs, develops, engineers, and implements solutions that meet security requirements.

11. Provides integration and implementation of the computer system security

12. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.

13. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.

14. Ensures that all information systems are functional and secure.

Minimum Education/Certification Requirements:

Bachelor's degree in Information Technology or related field or equivalent



Question: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?

Question: Please list candidate's email address that will be used when submitting E-RTR.

Question: There are no reimbursable expenses. Do you accept this