Job Specifications
SOC Analyst III, Digital Forensics & Incident Response
Employment Type: Contract-to-hire
Workplace Type: Hybrid (2 days onsite, 3 days WFH)
Location: Los Angeles, CA
Industry: Financial Services
Pay Rate: $65-$95 hourly
SUMMARY:
We are seeking a Security Operations Center professional to join our client's Cybersecurity Operations team in their Los Angeles location. The ideal candidate will have professional experience working in an enterprise security operations center, has a strong background in defensive security operations, and is passionate about information security operations, threat intelligence, and threat hunting.
DUTIES & RESPONSIBILTIES:
Detects, identifies, and respond to cyber events, threats, security risks and vulnerabilities in line with cyber security policies and procedures
Performing deep forensic analysis and artifact recovery various operating systems including but not limited to Windows, Macintosh, iOS, Linux, Andriod internal application and log analysis
Take ownership of and lead end-to-end investigations into high-severity security incidents, such as advanced persistent threats (APTs), targeted attacks, and insider threats.
Provide after-hours/on-call support for critical incidents.
Proficient in Incident Response and automation workflows as it relates to Security Operations
Ability to develop procedures and documentation to support effective an security operations program
Responsible for documenting the incident life cycle, conducting handoffs, escalation, and providing support during cyber incidents
Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention)
Proficient in Threat Research and understanding the latest malware trends, common attack TTPs, and the general threat landscape
Demonstrates ability to author content using a variety of query languages, as well as scripting for event enrichment and investigation
Conducts threat hunting and analysis using various toolsets based on intelligence gathered
Partner with the security engineering and platform engineering teams to improve tool usage and workflow
Build and execute a program for continuous security controls testing and validation
Perform other duties as planned
QUALIFICATIONS
Bachelor's degree or equivalent relevant work experience in Computer Science, Information Technology, Business, Intelligence, or Security Operations
Professional Certifications such as CISSP, CISM, CEH, GCIH, GCIA, GSOC a plus, but are not required
5+ years of work experience, with 3+ years of experience in Cybersecurity, or with a reputed Services / consulting firm offering security operations consulting or equivalent public sector experience
Experience engaging in a 24x7 operational environment
Experience in scripting languages such as PowerShell or Python
Experience in SOAR (Security Orchestration Automation Response) platform preferred
Experience should demonstrate a sharp security mindset, initiative to solve problems, and teamwork
Elevated level of personal integrity, honesty, and character
Proactive, analytical mindset with strong problem-solving skills and attention to detail.
Able to professionally handle confidential matters and show an appropriate level of judgment and maturity
Strong understanding of offensive and defensive security
Keen sense of ownership, accountability, curiosity, and independent thinking
Comfort in dealing with ambiguity, stress, and uncertainty in a dynamic environment
Well-developed analytic, critical thinking skills and demonstrated problem-solving abilities and decision-making skills.
Experience with one or more Security Information and Event Management (SIEM) solutions
Experience in security monitoring, Incident Response (IR), and security tools configuration and tuning
Strong knowledge and experience in Security Event Analysis
Excellent in security incident handling, documentation, root cause analysis, troubleshooting and publishing post-Incident Reports.
Knowledge of cyber security frameworks and attack methodologies
Experience working with EDR, email defense, and other security operations tools
Inquisitive and committed to continual improvement/learning
Ability to be flexible in terms of hours to coordinate effectively with team members across time zones
Excellent communication (written, verbal, presentation, documentation) and client service skills; capability of interacting with stakeholders to drive project/task/support engagement
Ability to interact effectively at all levels with sensitivity to cultural diversity
All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, inc