Level 3 Security Operations System Specialist

Location: Sacramento, CA
Date Posted: 10-23-2017
IMMEDIATE NEED for a Security Operations System Specialist to support a Security Operations Center (SOC) in Sacramento, California. Our Client is in the process of implementing and maturing a new Security Operations Center (SOC) and a set of cybersecurity tools and services to support the SOC and the overall cybersecurity posture. To ensure that the new cybersecurity program and tools are implemented in a timely fashion, with complete functionality and capacity, we are seeking a qualified consultant to provide Level 3+ expertise to the Security Operation Center including but not limited to incident processing, content creation, OJT and formal training of SOC staff, research and reporting, and various other expert level duties within the SOC 

Mandatory Qualifications 
  • Current certification as a Certified Information System Security Professional (CISSP).
  • At least five (5) years’ experience as a SOC Security Specialist (level 1, 2, and/or 3) with a Fortune 500 company and/or governmental entity and/or multi-customer managed security services provider.
  • At least two (2) years’ experience as a 3rd level SOC Security Specialist.
  • At least one (1) year experience as a SOC content creator.
  • At least one (1) year experience in processing and integrating threat intelligence into SOC operations.
  • At least one (1) year experience conducting threat hunting within a SOC environment.
Desirable Qualifications 
  • Experience using Splunk as a security analytics platform.
  • Experience using RSA Archer as a SOC workflow platform.
  • Experience in a threat hunting role within a security operations environment.
  • Experience in a SOC content creation role within a security operations environment.
  • Experience using TrendMicro TippingPoint intrusion protection systems (IPS) and/or intrusion detection systems (IDS) systems.
  • Experience integrating threat intelligence feeds into SOC operations (particularly with Archer and/or Splunk).
  • Demonstrable experience communicating and presenting materials to both technical staff and executive management.
Tasks and Deliverables 

* Serve as a level 3 SOC specialist utilizing the various tools available including Splunk, Archer, Trend TippingPoint IPS and IDS systems, NetScout packet capture, endpoint protection system(s), lateral detection systems, ThreatConnect intelligence feeds, other intelligence feeds, and other technologies/capabilities as defined. This includes but it not limited to: 
  • Assistance with reviewing, prioritizing, and investigating alerts and data in SIEM (Splunk), IDS/IPS and other SOC systems.
  • Investigation of high-priority alerts from the SIEM system.
* Provide content creation services as directed for the security analytics and workflow platforms (Splunk and Archer). 
  • Including but not limited to the development of monitoring use cases for IDS/IPS, SIEM, and other monitoring technologies.
* Provide threat hunting services as directed. 

* Serve as a senior technical advisor to the SOC management and staff to include best practice knowledge transfer of SOC analysis and triage. 

* Provide on the job and formal training to SOC and other security staff as directed. 

Other duties to include:
  • Escalation of high priority alerts to leadership team.
  • Development of security metrics based on best industry practice.
  • Interpretation of security metrics and process data queries.
  • Assess an environment’s ‘normal baseline’, process requests, determine abnormalities against the normal baseline, and formulate a logical picture from the information and data obtained.
  • Engage with IDS/IPS, log monitoring, firewalls, Active Directory, endpoint protections systems, etc.
  • Extract metadata out of a log, or other data source, such as an event identification (ID), in order to conduct research.
  • Conduct security monitoring and support digital forensics efforts.
  • Perform triage and analysis of escalated security incidents and indicators generated by the incident monitoring systems.
  • Managing, as directed, incoming notifications.
  • Exercise data collection or event enrichment.
  • Design and architect various processes, workflows, standards, training manuals, and other key aspects of the SOC’s primary functions including areas of: monitoring, incident response, digital forensics, malware analysis, threat hunting, threat intelligence, and integrations as directed.
  • Present and summarize areas for improvements with specific examples and recommendations that will further develop and mature the SOC.
  • Assist with automation including scripting, correlation rule writing, and signature creation.
  • Conduct research and generate reports as directed.

Work Approach 

Provide a work approach and methodologies for how the task/deliverables will be undertaken including any proposed tools. 


Candidate must provide at least three (3) client references from prior engagements who are able to confirm the individual’s knowledge, skills, and experience. Experience must have occurred in the last five (5) years and be similar to the services requested. References must include customer name and address, and the name, telephone number, and e-mail address of a contact person. 
this job portal is powered by CATS