ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Operations Center (SOC) Lead Analyst who has experience leading a 24x7x365 SOC. This team will provide initial levels of incident identification, analysis, and triage. They will also provide baseline health reporting of the core SOC toolset, including availability of security log and data sources and integration of threat intelligence feeds. Proactive threat hunting will be a regular duty of the team. The team will mitigate incidents directly where possible, escalating incidents as needed to the Incident Response and Management Team. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

Roles and Responsibilities

  • Establish incident response process and procedures
  • Oversee and perform Computer Security Incident Response activities for a large global enterprise, coordinate with other enterprise IT teams to record and report incidents
  • Ensure all incidents are worked from initial assignment to final resolution
  • Oversee and perform Root Cause Analysis (RCA) and make preventative recommendations
  • Oversee and conduct forensics and investigations as needed using security tools such as ProofPoint, SIEM platforms, and EnCase
  • Oversee and recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analysis of security tools
  • Oversee, investigate, interpret, and respond to complex security incidents
  • Attend and participate in Change Control Board/Change Approval Board (CCB/CAB) meetings as needed
  • Author SOPs as needed or directed
  • Fully document assigned tickets to show all work performed in order to pass SLRs
  • Create, track, and work to resolution Normal and Standard job-related Change Requests

Required Skills

  • Demonstrated capability to lead a team of varying experience levels to effectively monitor and investigate security incidents as well as make recommendations to improve the security posture of a large organization
  • Strong foundation of network and security skills; fundamental knowledge of Windows, Linux, and Cisco operating systems, networking protocols, and network traffic analysis
  • Experience implementing or working with Security Information and Event Management (SIEM) products such as QRadar and Splunk in a complex network environment, and assisting security analysts in building operational processes around the SIEM ecosystem
  • Experience with IT security tools, working technical knowledge of network, server, storage and desktop hardware and software
  • Demonstrated ability to work with matrixed resources in a team environment
  • Excellent written and verbal communication skills

Years of Experience Requirement

  • 5 years desired but not required, depending on work history

Education Requirement

  • BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or another technology-related discipline, or 5+ years of relevant experience in a technical management role, is preferred. An AA degree with 9 years of relevant experience can also be substituted.

Certification Requirement

  • Desired certifications include: Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Examiner (GCFE), or GIAC Certified Forensic Analyst (GCFA) Certification

Location

  • Crystal City with transition to Herndon/Reston area

Security Clearance

  • U.S. citizenship with the ability to obtain a Secret clearance

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.