Lead SOC Analyst/Team Lead
United States, Texas, Dallas
*Top Skills' Details*
1. 5-8 years of Incident Response/SOC experience with remediation, specifically leading IR events with confidence. Ideally this person is in a Lead role or is at least a very strong Sr. Analyst. This person should be very familiar with NIST CSF and MITRE ATT&CK, which covers concepts like the cyber kill chain.
2. Experience running tabletop exercises and testing that what is in the runbook is accurate and real. This person should be solid with runbook documentation to ensure the steps followed for any scenario are real and accurate, so that investigation, containment and eradication are done correctly. Must really understand networking, since this group deals with various IP addresses and port numbers.
3. Must have CrowdStrike experience, at least CrowdStrike EDR; better still if they have the next-gen SIEM, since the client is moving to that technology.
4. Technical writing or strong documentation skills are a strong nice-to-have.
5. Strong networking understanding (ports, IPs, etc.), since this client's network is complex.

*Description*

The Client's Information Security office is hiring a Lead SOC/IR resource. The preferred candidate will have strong lead Incident Response/Coordination experience. Responsibilities will include cybersecurity investigation. This group focuses on Tier 2/3 investigations and will lead tabletop exercises and test that what is in the runbook is accurate and real. This person should be solid with runbook documentation to ensure the steps followed for any scenario are real and accurate, so that investigation, containment and eradication are done correctly. This client is going to use CrowdStrike, which runs their next-gen SIEM, as their MSSP to help with initial triage. Ideally this resource will have Team Lead experience, meaning they have led a team, and will have SIEM admin user experience. This client is switching from Google Chronicle to the CrowdStrike next-gen SIEM.

Concepts around these types of tools are more critical than direct tool experience. The client is also using Azure and would like someone who has exposure to that specific cloud environment. 70% of this person's time is reviewing incidents from the MSSP, taking the more complicated incidents, and leading those directly with junior analysts. They typically take on about 10-20 incidents a week, and the closure rate is around 10 days. Once an incident comes through the MSSP, it is a true incident, and the team lead takes the incident all the way through the lifecycle to closure; they will also do peer review on other incidents. Once the team matures, they will move to more threat hunting. This person may put in detection engineering requests based on threats and will work closely with the Cyber Threat Intel and Threat Hunting teams.

Other duties:

* Provide leadership to Security Operations Center Analysts
* Respond to cyber security tickets and provide analysis and trending of security log data from security devices as well as various security tool portals
* Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation, and investigate events and incidents
* Monitor threat intelligence feeds
* Provide proactive "threat hunting" to detect incidents
* Tune rules and thresholds to improve fidelity of alerts
* Author Incident Response Playbooks
* Perform the duties and responsibilities of Incident Response Coordinator when needed
* Prepare reports of analysis and results to provide briefings to management and clients
* Investigate, document, and report on information security issues and emerging trends
* Perform legal/HR eDiscovery searches
* Partner with the Managed Security Services Provider and host weekly Incident Response touch points with the support team
* Establish and manage partnerships with IT Security, IT Infrastructure, and Network Connectivity teams
* Mentor junior staff and interns

The SOC Team Lead will lead the Security Operations Team, which is focused on protecting the organization and patient data. The primary function of this position is to lead the team as well as participate in investigations, identification and reporting on cyber threats. You will coordinate resources during incident response efforts, assist with classifying security events, develop remediation guidance, support documentation and client reporting deliverables, and assist with system security compliance. The SOC Team Lead provides direction and mentoring to less senior SOC Analysts in support of the company's Information Security program. They may be responsible for developing and implementing the information security strategy for one or more major areas of the Information Security program. The individual is experienced in many areas of the information security domains, and is able to conduct risk assessments, develop appropriate risk responses and monitor the environment for threats. The individual needs to have the capability to lead several projects and tactical initiatives related to enterprise security, manage critical relationships with key stakeholders and vendors, drive process improvements for the information security program, and review potential security exposures.

*Qualifications*

Required Minimum Education: Bachelor's Degree in Computer Science, Cybersecurity, Information Security or equivalent

Required Minimum Certification: Splunk User, Power User, or Administrator

Preferred Certification: GSEC, GCIH, GPEN, GCIA, or other GIAC; Splunk User/Power User/Administrator

Required Minimum Experience: 7 years of Security Operations Center experience or equivalent

Required Minimum Skills:

* Experience with Security Operations Center, network event analysis and/or threat analysis
* Deep understanding of Splunk Enterprise Security
* Experience working as an Incident Responder/Coordinator
* Deep understanding of Incident Response coordination when analysis confirms an actionable incident
* Thorough knowledge of security monitoring and incident response for cyber security events in a highly available Security Operations Center (SOC)
* Deep understanding of various security methodologies and technical security solutions
* Experience analyzing security logs from SIEM, firewalls, and vulnerability scanners
* Experience monitoring threat feed sources
* Experience with Endpoint Detection and Response tools
* Experience tuning and/or configuring Splunk SIEM and vulnerability tools
* Experience authoring Incident Response Playbooks
* Experience and certification in digital forensics
* Microsoft Office Suite (Excel, Word, PowerPoint, Outlook)
* Ability to communicate effectively with fellow team members across the organization
* Effective verbal and technical writing
* Thorough knowledge of common Internet protocols and applications
* Thorough knowledge of HIPAA Security Rule, PCI, NIST CSF, MITRE ATT&CK

*Skills*

incident response, siem, networking protocols, cloud

*Top Skills Details*

incident response, siem, networking protocols

*Additional Skills & Qualifications*

WE CAN ONLY HIRE IN THESE STATES, 100% REMOTE: Alabama, Florida, Georgia, North Carolina, South Carolina, Tennessee, Texas, Wisconsin, Indiana, Virginia, Ohio

*Pay and Benefits*

The pay range for this position is $65.00 - $75.00/hr. Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:

* Medical, dental & vision
* Critical Illness, Accident, and Hospital
* 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
* Life Insurance (Voluntary Life & AD&D for the employee and dependents)
* Short and long-term disability
* Health Spending Account (HSA)
* Transportation benefits
* Employee Assistance Program
* Time Off/Leave (PTO, Vacation or Sick Leave)

*Workplace Type*

This is a fully remote position.

*Application Deadline*

This position is anticipated to close on Mar 20, 2025.

About TEKsystems: We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.