Agile Defense

Lead Tier 2 SOC Analyst

Agile Defense, Washington, District of Columbia, US, 20022

The Bureau of Engraving and Printing's (BEP's) core mission is to design and manufacture high-quality security documents that meet customers' requirements for quality, quantity, and performance, as well as counterfeit deterrence. This role provides incident response process, threat intelligence review, incident investigation and reporting. The Tier 2 team is inherently responsible for BEP's Cybersecurity Incident Response Capability (CSIRC) and privacy incident response.

Job Duties and Responsibilities

Oversee and coordinate the end-to-end cybersecurity incident response lifecycle, including preparation, identification, containment, eradication, recovery, and lessons learned.
Analyze and prioritize security incidents escalated from Tier 1 SOC analysts, ensuring timely and effective response to mitigate risks.
Create, update, and maintain incident response playbooks, standard operating procedures (SOPs), and workflows to ensure consistency and efficiency in handling incidents.
Coordinate Response Activities: Collaborate with cross-functional teams (e.g., IT, legal, compliance, and external stakeholders) during incident response to ensure alignment and effective resolution.
Collect, review, and interpret threat intelligence from internal and external sources (e.g., open-source intelligence, commercial feeds, or industry reports) to identify potential threats and vulnerabilities.
Communicate relevant threat intelligence findings to Tier 1 and Tier 3 teams, as well as other stakeholders, to improve situational awareness and preparedness.
Use forensic tools and techniques to collect and preserve evidence, ensuring chain of custody for potential legal or regulatory purposes.
Leverage Security Information and Event Management (SIEM) systems and other tools to correlate events and identify patterns of malicious activity.
Serve as the primary point of contact for the organization's Cybersecurity Incident Response Capability, ensuring the team is prepared to handle incidents effectively.
Guide and mentor Tier 1 and Tier 2 analysts, providing training on incident response techniques, tools, and best practices.
Continuously assess and enhance the CSIRC's capabilities, including tools, processes, and team readiness, to address evolving threats.

Qualifications

Required Certifications
SOC Analyst or equivalent certification is required. (An equivalent certification covers a similar level of information security domains or depth of knowledge and/or experience.)

Education, Background, and Years of Experience
Bachelor's degree in Computer Science or IT-related disciplines
3 years of related experience

Additional Skills & Qualifications

Required Skills
Possess expert knowledge of the cybersecurity incident response lifecycle.

Working Conditions

Environmental Conditions
Standard office building with cubes near co-workers

Physical Requirements
Stand or Sit; Walk; Use Hands / Fingers to Handle or Feel; See

Happy - Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.
Helpful - Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.
Honest - Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.
Humble - Be Grounded. Success is not achieved alone; humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.
Hungry - Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.
Hustle - Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities