MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are the trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. We design and implement innovative security solutions to identify and defend against today’s risks and tomorrow’s attacks.  

We believe that helping organizations operate from the best security posture possible requires automation.  Empowering our employees to excel and providing them with the means to do so enables us to consistently exceed our clients’ expectations. 

Unlike many IT consultancies, we’re not a body shop. Our client engagements are challenging and growth-oriented. Our relationship with you is for the long run because, in this business, your success is our success. That’s why we treat investments in employees as investments in the company itself, which is why we offer fantastic benefits (healthcare, generous PTO, paid maternity and paternity leave, and tuition reimbursement, to name a few). 

But you’ll want to work here for reasons that can’t be written into an offer letter—the challenge, growth opportunities, and most important: the culture of a company that cares about you. 

We are an established, profitable, and growing company that promises you the following: 

• A diverse organization. 
• A safe workplace with zero tolerance for discrimination and harassment of any kind. 
• A balanced work life. Seriously. 
• Potential of a flexible schedule, depending on the specific customer. 
• A leadership team focused on your professional growth and development. 

MindPoint Group is seeking a Senior SOC Analyst. The Security Operations Center (SOC) Senior Analyst will collaborate with members of the SOC team to develop innovative and effective procedures for the SOC to enhance coordination and incident response operations. Train staff on SOC concept of operations and develop incident management teams.

Additionally, Senior Analyst candidates must be willing to work in a 24x7x365 SOC environment, demonstrate intuitive problem-solving skills, and allow for flexible scheduling. Monitor network traffic for security events and perform triage analysis to identify security incidents. Respond to computer security incidents by collecting, analyzing, preserving digital evidence, and ensure that incidents are recorded and tracked in accordance with SOC requirements. Work closely with the other teams to assess risk and provide recommendations for improving our security posture.

Job Duties:

• Shift 1 is 6AM-2:30PM
• Utilize state of the art technologies such as host forensics tools (FTK/Encase), Endpoint Detection & Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data
• Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response
• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes
• Lead Incident Response activities and mentor junior staff
• Work with key stakeholders to implement remediation plans in response to incidents
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership
• Author Standard Operating Procedures (SOPs) and training documentation when needed
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty

• Active Secret required
• 5 (+) years in an Incident Responder/Handler role 
• Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2.  The ability to take lead on incident research when appropriate and be able to mentor junior analysts
• Advanced knowledge of TCP/IP protocols
• Knowledge of Windows, Linux operating systems
• Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or ArcSight experience
• Deep packet and log analysis
• Some Forensic and Malware Analysis
• Cyber Threat and Intelligence gathering and analysis
• Bachelor’s degree or equivalent experience 
• Knowledge and experience with scripting and programming (Python, PERL, etc.) are also highly preferred

Desirable certifications include, but not limited to:

• GCIH, GCIA, GCFE, GREM, GCFA, GSEC
• Security +
• CEH, CISSP, CCNA (Security) or equivalent Certifications.
• CySA+

• All your information will be kept confidential according to EEO guidelines
• Equal Opportunity Employer Veterans/Disabled