For more than 40 years, Calian has been solving the world’s most complex problems by pairing the brightest minds with powerful technology. Calian solutions impact the world; from the satellites in space that connect us to the farms that feed us, from the medical professionals who care for us to the governments, schools, and companies that make the world better every day.

Position Overview

We are seeking a qualified Security Operations Center (SOC) Analyst – Tier II. The SOC Analyst – Tier II will play a pivotal role in handling more complex/high-priority cybersecurity alerts & incidents originating from Calian customers nationwide. This role provides an opportunity to work with advanced Network and Endpoint Detection, SIEM, and Incident Response (IR) tools in support of a comprehensive cybersecurity program, while also participating in training development, critical event reviews, and UAT for new SOC tools. We are looking for someone with an interest in analyzing, identifying, and eliminating customer security alerts and events and is driven by the challenging demands of cybersecurity. If you are seeking new opportunities to develop technical acuity, are innovative, and are eager to learn in a rapidly evolving field, this is the place for you.

**This is an overnight shift position. Working hours are Sunday through Thursday, 12 am. to 8 a.m, Central time**

Responsibilities

• Complete more complex high-priority/escalated client support tickets
• Participate in Incident/Breach response investigations and deliver incident response reports and after-action reviews
• Work on various internal projects/initiatives such as UAT of new SOC tools, working cross-functionally with other teams /departments as a stakeholder for the Service Delivery Organisation
• Write or provide input to our Learning and Development team on KB Articles or training content
• Deliver training modules and conduct assessments with new hires
• Ongoing mentoring and coaching of Tier I Analysts
• Participate in Quarterly Service Reviews (QSRs) with our Customer Success Team providing technical input from the SOC where necessary
• Secondary review and approval of permanent signal filters, Global Blacklist IP Nominations, and high-priority client alerts
• Critical Event Reviews – performing secondary audits of selected signals and following up with analysts and clients as necessary
• Perform real-time proactive security monitoring, detection, and response to cybersecurity events using a variety of forensic tools
• Provide incident response – triage, incident analysis, remediation, and recovery.
• Conduct a thorough investigation of security events generated by our detection mechanisms such as SIEM, IDS/IPS, Anti-Virus, and customer escalations.
• Respond to security-related alerts and escalations in a timely manner.
• Recognize successful potential intrusions and compromises through review and analysis of relevant event detail information; block malicious network traffic and isolate infected hosts on customer networks.
• Launch and track investigations to resolution.
• Differentiate false positives from true intrusion attempts.
• Effectively communicate the findings of investigations of intrusions or compromises to concerned stakeholders.
• Demonstrate problem-solving skills that contribute towards the resolution of issues that arise.
• Maintain situational awareness of the latest cybersecurity threats, vulnerabilities, and mitigation strategies.
• Participate in the computer security incident response team CSIRT.
• Provide on-call support for after-hours security-related events.
• Perform other duties as required and/or assigned.
• Employee must be able to perform essential functions of the job with or without reasonable accommodation.

Qualifications

• Knowledge of vulnerability management functions and how they relate to a risk-based security model
• Understanding of network architecture including the TCP/IP stack and the capture and analysis of network traffic
• Understanding of syslog functionality

• Hands-on experience in at least one of the following security domains;
• Network Security including Intrusion Detection Systems (IDS)
• Windows Endpoint Security, using EDR products such as VMware Carbon Black Response/Threat Hunter, Crowdstrike Falcon, or Microsoft Defender ATP.
• SIEM/Log Management, using products such as SumoLogic, Splunk, or similar
• Knowledge and experience of network and endpoint security technologies including:
• Snort/Suricata, Packet Capture (PCAP) Analysis using Wireshark (Optional or Bonus)
• Windows system internals, knowledge of PowerShell
• Linux Kernel and basic scripting (Bash/Python) knowledge
• Analytical mind with strong attention to detail and a commitment to quality of service
• Strong customer-facing written and verbal communication skills with the ability to effectively communicate complex security concepts with end customers
• Demonstrated experience in confidently handling escalated client issues, diffusing challenging situations, and delivering an optimal customer experience Natural ability to thrive in a fast-paced and time-sensitive environment
• Ability to work in an operational/shift-based environment
• Must be eligible to work for any U.S. employer without the need for sponsorship now or in the future

Preferred Qualifications

• Bachelor’s degree in Engineering, Computer Science, Information Security, or Information Systems or equivalent work experience.

• 3+ years’ full-time experience in a Security Operations Center or similar Cyber Security Analysis role excluding time spent on an intern or work experience program.
• SANS GIAC, EC-Council, CompTIA Network/Security+, CCNA CyberOps or equivalent certifications

EEO Statement

Calian is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, or any other characteristic protected by law.

#LI-CH1# #SF#

How we hire