Lead SOC Analyst
Job Location: 11900 Bournefield Way, Suite 150, Silver Spring, MD
Eagle Bancorp, Inc., headquartered in Bethesda, MD, was incorporated in 1997 to serve as the bank holding company for EagleBank. Eagle Bancorp is a publicly traded company under the symbol EGBN. EagleBank commenced banking operations on July 20, 1998, and currently operates 20 banking offices: six in suburban Maryland, five in the District of Columbia, and nine in Northern Virginia. The Bank was founded specifically to address the business and personal needs of local business owners. It has been answering and exceeding those needs for over 20 years, providing custom financial solutions, local access to senior management, quick response, local decision-making, and a deeply-rooted dedication to the local community.
Our Mission is to be the most respected and profitable community bank by putting relationships first to the delight of our customers, employees, and shareholders, and by relentlessly delivering the most compelling service and value. EagleBank's Values are: Relationships F·I·R·S·T: Flexible, Involved, Responsive, Strong, and Trusted.
The Information Security Analyst II (Lead SOC Analyst) is responsible for monitoring, analyzing and maintaining EagleBank's technical security controls in support of EagleBank's Information Security Program. This role is focused on performing advanced triage and detailed analysis of security events across EagleBank's technology environments and on integrating risk-based threat intelligence into the operational environment. The role also helps maintain assurance in our technical security controls, so that risks to the confidentiality, integrity and availability of EagleBank's information systems and infrastructure are sufficiently mitigated, which, in turn, supports the bank's operational goals. Assists with end-user support as needed and assists other information security analysts. This role has oversight of and responsibility for two junior SOC Analysts.
MAJOR DUTIES AND RESPONSIBILITIES:
- Performs advanced monitoring of the day-to-day operation of the Security Information and Event Management (SIEM) system, Network Anomaly Detection and other security control tools. Provides input into the daily SOC security report.
- Works, as a Tier-2 advanced support person, on alerts escalated to the EagleBank Security Team by our outsourced Tier-1 24x7 managed SIEM monitoring provider, and on tickets sent directly to the security helpdesk.
- Ensures effective network monitoring, log management and log analysis from a variety of network sensors to investigate suspect network activity.
- Interprets raw network traffic (e.g. packet captures) and determines whether the activity is legitimate.
- Supervises the daily activities of junior SOC Analysts. Responsible for their performance and contributes to employment decisions and training.
- Assists in operating all technical security systems and their corresponding user/analyst interfaces, including web proxy filtering systems, host- and client-based firewalls, intrusion detection/prevention systems, endpoint security systems, and anti-malware and anti-virus software, to monitor network activity.
- Conducts investigations and malware analysis, and prepares comprehensive reports with timely escalation to Network or Security Engineering for review.
- Remains informed on trends and issues in the security industry, including current and emerging technologies.
Required Education & Experience:
- Bachelor's degree in Computer Science, Information Systems, Information Technology or related focused technical training; or, in lieu of a degree, 4 additional years of engineering and project management experience.
- 6 years of related experience in Information Security, with at least 4 years of Security Engineering or Security Administration preferred.
- Familiarity with security tools (Vulnerability Management, SIEM, Endpoint Security, Web proxies, etc.)
- Supervisory or leadership experience
Preferred Education & Experience:
- 8 years of Security Engineering or Security Administration preferred
- Familiarity with security tools (Application Security, Pen Testing, Network Anomaly Detection, email gateway, etc.)
Required Certifications, Licenses or Systems:
- CompTIA Security+
- One of the following SANS GIAC Certifications:
  - GISF: GIAC Information Security Fundamentals
  - GSEC: GIAC Security Essentials Certification
  - GOEC: GIAC Operations Essentials Certification
- Certified Network Defender (CND) or Certified Ethical Hacker (CEH)
Preferred Certifications, Licenses or Systems:
One or more of the following certifications (or equivalent) preferred:
- SANS GIAC Certifications such as:
  - GPPA: GIAC Certified Perimeter Protection Analyst
  - GCIH: GIAC Certified Incident Handler
  - GPEN: GIAC Penetration Tester
- Cisco Certified Network Associate Security (CCNA Security)
- Certified Network Defender (CND), Certified Ethical Hacker (CEH) or Certified SOC Analyst (CSA)
Required Knowledge & Skills:
- Knowledge of TCP/IP networking: networking topology, protocols and services.
- Advanced knowledge of Microsoft Windows and Linux operating systems.
- Knowledge of SIEMs such as LogRhythm, QRadar, Splunk, etc.; NDR tools such as Darktrace, ExtraHop, Vectra, etc.
- Knowledge of SOC tools such as VirusTotal, various sandboxes and various malware analysis tools.
- Experience working alerts from firewalls (Palo Alto, Fortinet), IDS/IPS, VPNs, WAFs, etc.
- Good working knowledge of Microsoft Office applications and other software applications as required.
- Broad knowledge of computer networking technology.
Preferred Knowledge & Skills:
- Knowledge and experience of Unified Threat Management, Virtualization, Windows Desktop and Server operating systems, firewall technologies, application layer security controls, and IDS/IPS technologies.
- Knowledge of multiple NBA or UEBA tools.
- Experience conducting threat hunting exercises and campaigns; knowledge of DFIR best practices.
OTHER JOB REQUIREMENTS:
- Ability to work extended hours, when necessary, to support operational requirements.
- Availability for participation in on-call rotation.