Cybersecurity Operations Center Tier 3 Analyst

MAD Security

Job Description

Posted on: January 15, 2025

Summary and company overview

ABOUT the MAD SECURITY TEAM

At MAD Security, your passion for excellence and dedication to integrity can thrive. Every challenge is an opportunity to innovate, and every project is a chance to exceed expectations. As an esteemed team member, you’re not just doing a job; you’re making a difference in a culture that values hard work, accountability, and continuous growth. Be a part of a team where your efforts are recognized and celebrated, your integrity is cherished, and your professional development is a priority.

POSITION OVERVIEW

We seek a Tier 3 Security Operations Center (SOC) Analyst with experience working in a SOC or NOC in the MSP or MSSP environments. The ideal candidate will have a passion for high standards and constant improvement with a focus on safeguarding our clients by simplifying cybersecurity challenges. Candidate must have extensive experience in SOC operations and management, incident response (IR), firewall management (FW), and vulnerability management (VM). As a SOC Tier 3 Analyst, this position is part of a multi-function team, including network engineers, cyber operations technical leads, cyber operations center managers, firewall engineers, and compliance management consultants.

The Tier 3 Analyst reports to the Senior Cyber Engineer. The key responsibilities of this position fall into three categories: 1. You will provide cybersecurity advice and support to our clients, understanding how to build rapport and maintain client relationships with a focus on partnership to address their cybersecurity challenges; 2. You will participate in meetings and discussions with senior company executives, Information System Managers, and Cybersecurity Specialists within and outside of MAD Security; and 3. You will participate in accomplishing company monthly, quarterly, and annual objectives.

About MAD Security, LLC

Founded in 2010, MAD Security is a dynamic, Service-Disabled Veteran-Owned Small Business (SDVOSB) cybersecurity managed security services provider (MSSP). We are dedicated to safeguarding the defense industrial base, maritime, and government contractor businesses from EVIL by simplifying the cybersecurity challenge. Our comprehensive suite of services includes Security Operations Center (SOC) as a Service (SOCaaS), Managed Detection & Response, Incident Response, GRC Gap Assessments, User Awareness Training, Penetration Testing, and more.

Our core SOC services deliver relentless monitoring, rapid threat detection, and swift response to keep our clients' environments secure. By integrating NIST frameworks and standards into all our services, we ensure top-tier compliance and best practices.

Driven by our Core Values—Passion for High Standards and Constant Improvement, Integrity, We Do the Work, Coachability, and Professionalism—our commitment to excellence is unwavering. Recognized as a Top 250 MSSP by MSSP Alert for three consecutive years and honored as an Inc. Best Workplace for two consecutive years, the MAD Security team of cyber warriors consistently delivers exceptional managed services and tailored technology solutions to meet the unique needs of defense industry stakeholders.

Responsibilities

  • Master utilizing the technical tools and procedures used to manage the SOC
  • Deep understanding of how SIEM/SOAR technologies function
  • Experience in administrating and maintaining Elasticsearch
  • Experience in problem solving during incident response events
  • Experience with planning and executing focused threat hunt operations
  • Collaborate with all SOC experts to monitor, identify and make notifications on cybersecurity matters to provide a holistic and seamless cybersecurity experience for the client
  • Analyze, triage, aggregate, escalate and report on client security events including investigation of anomalous and malicious activity
  • Perform correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
  • Continuously work to improve SOC technologies to minimize false positives and maximize detection and prevention effectiveness
  • Develop and track key performance indicators (KPIs) related to SOC operations to benchmark and further enhance capabilities
  • Develop comprehensive and accurate reports and presentations for technical and executive audiences
  • Design and conduct proof-of-concept tests to replicate third-party findings and propose solutions to resolve discovered security issues
  • Communicate regularly with team and with clients to proactively address concerns

Job Requirements

REQUIRED QUALIFICATIONS

  • Minimum six (6) years of experience in IT Security and/or Information Technology.
  • Industry-recognized professional certifications such as: GCIH, GCFA, GNFA, GREM
  • Experience with industry security tooling is required.

PREFERRED QUALIFICATIONS

  • Experience working in a Security Operations Center in an enterprise or managed services provider environment is desired.
  • Experience in an incident response, forensics, malware reverse engineering or incident investigation role in large scale environments is desired.
  • A bachelor's degree in the following areas of study is preferred: Information Technology, Information Security/Assurance, Computer Science, or an equivalent combination of education and experience. A master's degree is a plus.
  • Experience with Fortinet, AT&T AlienVault, Avanan, Preveil, Bricata, or Elastic is a plus.

Additional commentary

Skills and Capabilities

  • Strong problem-solving and critical-thinking skills. Ability to prioritize and execute autonomously.
  • Ability to develop and manage cybersecurity projects.
  • Ability to communicate effectively with all staff, management, and clients orally and in writing.
  • Ability to collaborate across the organization and operate effectively with multiple teams and solutions towards a shared goal.
  • Strong understanding of the latest security principles and protocols.
  • Strong understanding of security operations technologies, including SIEM and orchestration.
  • Ability to tune correlation rules and outcomes via security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.
  • Demonstrable working knowledge of emerging technologies and tactics used within a SOC or IR team and how they are applied to improve efficiency and effectiveness.
  • Understanding of tactics, techniques, and procedures associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat-hunting techniques.

Supervisor Responsibilities

None

Location and Work Environment

While performing the duties of this job, the employee regularly works onsite in an office setting. This position is exclusively located in Huntsville, Alabama.

Physical Demands

The physical demands described herein are representative of those that an employee must meet to perform the Primary Duties of this Job Description successfully.

Travel

None

Other Duties

Please note this Job Description is intended to describe the general nature and level of work to be performed by the employee(s) assigned to this Job Title. It is not designed to contain nor be interpreted as a comprehensive and/or all-inclusive list of duties, responsibilities, and qualifications. MAD Security, LLC reserves the right to amend and/or change responsibilities to meet business and organizational needs, as necessary, with or without notice.