SOC Analyst

Make a difference here. UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams. By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India. Ultraviolet Cyber is seeking a SOC Analyst to join our Federal Delivery Team. The Security Operations Center (SOC) Analysts will be responsible for 24/7 threat monitoring, analysis, and incident response across a large-scale network infrastructure. Their duties include correlation and triage of security alerts, hunting threats across endpoints and servers, managing custom alert rules, and producing incident response documentation. They will also support firewall, Active Directory, and Sentinel-based monitoring, with escalation responsibilities during COOP or emergency operations. Important to note: Remote with monthly in-person meetings in Washington, DC. Meeting scheduled on the 3rd Tuesday and as-needed-unscheduled in-person meeting(s) with no cost to the Government. Clearance: Must be Public Trust eligible Hours: Full-time (40 hrs/week), standard eight-hour business schedule between the hours of 6:00am and 5:30pm, EST, Monday through Friday. No third-party candidates will be considered Responsibilities: Support with host and network analysis to determine compromise extent and provide mitigation support on compromised systems. Validate and confirm critical security events and assess impact of the event. Research and maintain information on current security threats and applying knowledge to the security capability. Author intrusion detection signatures as well as other detection mechanisms and coordinate with Security Engineering to implement. Collect information from digital devices as part of legal investigations. Create and report on program tasks. Interface with the intelligence community in order to better develop and identify malicious activities and events that connect over time to form a pattern of attack. Recover data like documents, photos and e-mails from computer hard drives and other data storage devices that have been deleted, damaged or otherwise manipulated. Find evidence of illegal activity involving cybercrime offenses and examine computers that may have been involved in other types of crime. Use expertise to protect computers from infiltration, determine how a computer was broken in to or recover lost files. Use forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images and other files. Automate workflow processes via scripting with Python or similar. Work with Cyber Threat Intel Team and maintaining threat indicator feeds. Build and maintain client and stakeholder relationships. Formulate and enforce work standards. Complete projects/deliverables on time and with quality. Qualifications: Require 3–5 years of SOC analyst experience 5+ YOE in general IT and Cybersecurity preferred Proficiency in SIEM and EDR technologies, and practical knowledge of Microsoft Defender, Sentinel, Trellix, RSA NetWitness, and incident response playbooks Experience demonstrating strong analytical, troubleshooting and problem-solving skills for security information and event management. Excellent communication skills, both written and oral. Operational knowledge with types of vulnerability assessors that shall include vulnerability assessment tools, wireless network detection, and non-signature based discovery and case handling tools. Experience with the following technologies: Intrusion Detection and Preventions Systems (IDS/IPS). Monitoring network security events in an Enterprise Environment. Producing security event reports for management. Producing security metric reports for management. Security Information and Event Management (SIEM) systems. One or more of the following certifications are desired: Certified Forensic Computer Examiner (CFCE). Certified Hacking Forensic Investigator (CHFI). CompTIA Cybersecurity Analyst (CySA+). Certified Ethical Hacker (CEH) Additional Able to attend monthly in-person meetings in Washington, DC. Meeting scheduled on the 3rd Tuesday and as-needed-unscheduled in-person meeting(s). Clearance: Must be Public Trust eligible Hours: Full-time (40 hrs/week), standard eight-hour business schedule between the hours of 6:00am and 5:30pm, EST, Monday through Friday. Benefits at UltraViolet Cyber! We provided these clients with cybersecurity-related services while cultivating a common body of knowledge among all employees at UltraViolet. 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment) Group Term Life, Short-Term Disability, Long-Term Disability Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness Participation in the Discretionary Time Off (DTO) Program 11 Paid Holidays Annually $110,000 - $125,000 a year We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable. UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status. If you want to make an impact, UltraViolet Cyber is the place for you!