We’re Hiring

Visual Connections, LLC seeking a CSOC Sr. Cyber Defense Analyst.

Onsite (Martinsburg, WV or Hines, IL) 

Duties:

• Configure monitoring tools to detect threat actor techniques and/or behavioral indicators 

• Craft custom search queries using Splunk (SPL), as well as Microsoft Defender for Endpoint and Microsoft Sentinel (KQL) 

• Provide subject matter expertise to support security detections in one of the following areas: 

  • Cloud technologies 

  • SaaS 

  • Identity and access management 

  • Networking 

  • Splunk 

  • EDR 

• Map security detections to the MITRE ATT&CK Framework 

• Research and develop configuration recommendations to facilitate operationalization of new data sources for detection of adversarial activities 

• Use machine learning and pattern analysis to improve detection of specific types of threats 

• Collaborate effectively with cross-functional teams, including incident response, forensics, threat intelligence, IT, and network administrators 

• Clearly communicate technical information and detection-related updates to management and stakeholders 

• Develop and operationalize advanced security analytics to detect and respond to sophisticated cyber threats in near real-time 

• Develop and implement detection feedback processes - e.g., tuning false positives, decommissioning, etc. 

• Ensure completeness and consistency regarding data quality of detections 

• Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy 

• Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate detection and incident response, including enrichment, containment, and remediation actions 

• Support the operationalization of new security detections, including building reference documentation, investigation guidelines, and tuning considerations 

• Stay informed about the latest cybersecurity threats, trends, and best practices 

• Actively participate in cybersecurity exercises, drills, and simulations to improve incident response understanding 

Requirements:

• Candidates must possess a professional level certification in one of the following subject areas: 

  • Cloud (ex: GLCD, GCFR) 

  • Detection engineering (ex: GCDA) 

  • Incident Response/Forensics (ex: GCIH, GCFE, GNFA) 

  • IDAM (ex: Microsoft Identity and Access Administrator Associate) 

  • SIEM (ex: Splunk Power User) 

• Bachelor's degree in computer science, cybersecurity, information technology, or a related field (or equivalent work experience) 

• 8+ years of experience supporting large-scale IT related projects 

• 4+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC) 

• A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure the SOC operates effectively in a high-pressure environment 

• Strong experience with security technologies including SIEM, IDS/IPS, EDR, and network monitoring tools 

• Experience with security focused cloud-native tooling such as Azure Sentinel and AWS GuardDuty 

• Experience with enterprise ticketing systems like ServiceNow 

• Excellent analytical and problem-solving skills 

• Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight 

• Ability to function in multiple capacities and learn quickly 

• Strong verbal and written communication skills 

Fulltime Onsite (Martinsburg, WV or Hines, IL)