
We’re Hiring
CSOC Mid Level Vulnerability Assessment Analyst
Interested in applying? Email our HR department at HumanResources@visualconnections.net.
Visual Connections, LLC is seeking a CSOC Mid Level Vulnerability Assessment Analyst. As a CSOC alert analyst, you will support the mission of the Department of Veterans Affairs (VA) by monitoring key cybersecurity systems for intrusions and vulnerabilities across VA's application environments.
Veterans are encouraged to apply.
Duties
For a Cybersecurity Operations Center (CSOC) alert analyst, the duties involving Palo Alto Networks' Prisma Cloud are focused on triage, investigation, and response for cloud-native security events. Where an on-premises analyst might spend most of the day on firewall or endpoint logs, a Prisma Cloud analyst works on cloud-specific risks: misconfigured services, internet-exposed workloads, vulnerable container images, and overly permissive identities.
Here are some key duties for a CSOC alert analyst using Prisma Cloud:
The analyst is the first line of defense, responsible for reviewing and triaging alerts generated by Prisma Cloud. This includes identifying if the alert is a true positive or a false positive.
The Alert Analyst will use Prisma Cloud's features to enrich alerts with critical context. This involves examining the affected asset (e.g., a container, serverless function, or virtual machine), its environment (e.g., production vs. development), its network exposure, and any associated user or service identities. This helps to quickly determine the severity and business impact of the alert.
Using Prisma Cloud's risk scoring and attack path analysis, the analyst will prioritize the most critical alerts. This means focusing on incidents that show a clear path to sensitive data or a known exploitable vulnerability, rather than simply responding to every low-severity misconfiguration.
For true positive alerts, the analyst performs a deeper investigation. This involves pivoting from the alert to review associated logs, network traffic, and forensic data within Prisma Cloud's dashboard.
Alert Analysts may proactively use Prisma Cloud's tools to hunt for potential threats that haven't triggered an alert. This can involve searching for anomalous activity, suspicious network connections, or unauthorized changes to cloud configurations.
The analyst may work to identify the root cause of the incident. For example, if a container has a vulnerability, they investigate why that container was allowed into production in the first place, or if a user has overly permissive access, they look into the reason behind it.
The analyst works with security orchestration, automation, and response (SOAR) playbooks, often integrated with Prisma Cloud, to trigger automated response actions. This could involve an automated process to disable a compromised user account or a "virtual patch" to a host to prevent an exploit.
In cases where automation isn't possible, the analyst may provide the technical team with specific, actionable remediation steps. This could be as simple as telling a DevOps engineer which misconfigured S3 bucket to lock down.
The analyst documents the investigation and provides clear, concise communication to stakeholders. They are responsible for escalating high-priority incidents to senior analysts or incident response teams, ensuring they have all the necessary context to take over.
To reduce "alert fatigue," the analyst plays a role in fine-tuning Prisma Cloud policies. If they consistently see false positives from a certain rule, they work with a senior engineer or a DevOps team to adjust the policy or exclude specific resources.
They may also be involved in creating new detection rules based on emerging threats or new compliance requirements, using Prisma Cloud's policy-as-code capabilities.
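The triage, enrichment, prioritization and policy-tuning duties above can be read as one workflow: take the raw alert stream, drop findings the team has already reviewed and accepted, and rank what remains by attack path (exposure, reachable sensitive data, exploitability) rather than by vendor severity alone. The script below is an added example of that workflow and is not Prisma Cloud code or Visual Connections' own tooling; the Alert fields, weights, escalation threshold and sample alerts are constructed assumptions chosen to illustrate the idea, not the platform's real schema.

```python
"""Cloud alert triage queue: an added example, not Prisma Cloud code.

The Alert fields are a constructed, simplified stand-in for the context a
cloud security platform exposes on an alert (asset type, environment,
network exposure, reachable sensitive data, known-exploitable vulnerability).
Field names, weights and the sample alerts are assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: str
    policy: str              # name of the rule that fired
    severity: str            # vendor severity: low / medium / high / critical
    asset_type: str          # container / serverless / vm / bucket
    environment: str         # production / development
    internet_exposed: bool
    sensitive_data: bool     # asset holds, or its identity can reach, sensitive data
    known_exploitable: bool  # finding is a vuln with a public exploit / in-the-wild use
    resource: str            # cloud resource identifier


SEVERITY_BASE = {"low": 1, "medium": 2, "high": 4, "critical": 6}
ESCALATE_AT = 15  # assumed threshold for hand-off to senior analysts / IR


def risk_score(a: Alert) -> int:
    """Attack-path style weighting.

    Vendor severity is only the starting point; exposure, reachable data and
    exploitability add to it, and a complete path (all three) adds a bonus so
    one exposed, exploitable, data-reaching host outranks an isolated critical
    CVE in a development container.
    """
    score = SEVERITY_BASE.get(a.severity.lower(), 1)
    if a.environment == "production":
        score += 2
    if a.internet_exposed:
        score += 3
    if a.sensitive_data:
        score += 3
    if a.known_exploitable:
        score += 4
    if a.internet_exposed and a.sensitive_data and a.known_exploitable:
        score += 5
    return score


# Policy tuning: accepted (policy, resource) pairs reviewed with the owning team.
# Exceptions are scoped to one resource under one policy, never a whole policy,
# so a second public bucket under the same rule still reaches the queue.
SUPPRESSIONS = {("public-s3-bucket", "arn:aws:s3:::static-marketing-site")}


def is_suppressed(a: Alert, suppressions=SUPPRESSIONS) -> bool:
    return (a.policy, a.resource) in suppressions


def triage(alerts, suppressions=SUPPRESSIONS):
    """Split alerts into a ranked work queue and a suppressed list.

    The queue is ordered by score descending, ties broken by alert_id so the
    ordering is stable across runs.
    """
    queue = [a for a in alerts if not is_suppressed(a, suppressions)]
    suppressed = [a for a in alerts if is_suppressed(a, suppressions)]
    queue.sort(key=lambda a: (-risk_score(a), a.alert_id))
    return queue, suppressed


def needs_escalation(a: Alert) -> bool:
    return risk_score(a) >= ESCALATE_AT


# Constructed sample alerts (not real VA or Prisma Cloud data).
SAMPLE_ALERTS = [
    Alert("A-1", "critical-cve-in-image", "critical", "container", "development",
          internet_exposed=False, sensitive_data=False, known_exploitable=False,
          resource="k8s/dev/api-7d9f"),
    Alert("A-2", "exploitable-cve-on-host", "high", "vm", "production",
          internet_exposed=True, sensitive_data=True, known_exploitable=True,
          resource="i-0abc123"),
    Alert("A-3", "public-s3-bucket", "medium", "bucket", "production",
          internet_exposed=True, sensitive_data=False, known_exploitable=False,
          resource="arn:aws:s3:::static-marketing-site"),
    Alert("A-4", "public-s3-bucket", "medium", "bucket", "production",
          internet_exposed=True, sensitive_data=True, known_exploitable=False,
          resource="arn:aws:s3:::claims-exports"),
    Alert("A-5", "ssh-open-to-world", "low", "vm", "production",
          internet_exposed=True, sensitive_data=False, known_exploitable=False,
          resource="i-0def456"),
]

if __name__ == "__main__":
    work_queue, skipped = triage(SAMPLE_ALERTS)
    for item in work_queue:
        flag = "ESCALATE" if needs_escalation(item) else ""
        print(f"{risk_score(item):>3}  {item.alert_id}  {item.policy:<24} {item.resource}  {flag}")
    for item in skipped:
        print(f"  -  {item.alert_id}  suppressed by accepted exception")
```

Run as-is, the "critical" development container (A-1) lands below the production bucket holding sensitive data (A-4), and only the exposed, exploitable, data-reaching host (A-2) crosses the escalation threshold. The accepted marketing bucket (A-3) is kept out of the queue without hiding the second public bucket that fires on the same policy, which is the point of scoping exceptions to a resource rather than disabling the rule.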
Requirements
Bachelor's Degree or higher - equivalent experience may be considered in lieu of a degree
Experience with Palo Alto Prisma Cloud or similar tools; XSIAM experience is a plus.
Experience with Agile project management methods and frameworks such as Scrum
Exceptional written and verbal communication skills
Strong planning, organizational, and time management skills
Exceptional analytical and conceptual thinking skills
Strong leadership skills and ability to work collaboratively with a team of peers
Location & Work Environment
Remote
No travel required
Visual Connections, LLC offers a full benefits package including:
Full Medical, Dental, Prescription and Vision health care
11 Paid Holidays annually
Paid time off
Short Term, Long Term Disability and Life Insurance
Employee Assistance Program (EAP)
Training and Development opportunities including professional certification and educational reimbursement
Visual Connections, LLC provides employment opportunities for all employees and applicants in accordance with applicable federal, state and local laws. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
We are a Service-Disabled Veteran-Owned Small Business and a Certified Maryland Business Enterprise. We were established in 2007 to provide public and private sector clients with robust web-based applications, Health IT, and Portfolio and Program Management services. We have proven ourselves to be valuable partners who can deliver both qualitative and quantitative results to our clients. Our versatile, efficient and experienced team has a stellar record of past performance, working with the Department of Defense (DoD), Department of Health and Human Services (DHHS), Veterans Health Administration (VHA), Centers for Medicare and Medicaid Services (CMS), Centers for Disease Control and Prevention (CDC), and Blue Cross Blue Shield (BCBS). With an employee base well versed in different disciplines, we are able to deliver high quality customizable solutions.