SOC Analyst-Tier 1 (R-00068)

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

TZT is seeking a highly-motivated and detail-oriented Tier 1 SOC Analyst to join our Security Operations Center (SOC) team. As a Tier 1 SOC Analyst, you will play a crucial role in monitoring, detecting, and responding to security incidents to ensure the protection of our clients' assets. This is an exciting opportunity to work in a fast-paced environment and contribute to the ongoing success of our cybersecurity operations.

As a TZT consultant, the candidate will receive access to the full knowledge base which is driven by the True Zero community as well as the technical backing of the entire PS team. True Zero encourages collaboration and growth through information sharing and knowledge workshops. The candidate will also have access to our internal Slack channel to stay connected with the team as well as the necessary tools to train, demo, test and grow their professional skills.

• The ability to perform triage on all security related events
• Investigate and identify the root cause behind security incidents – to include all stages of the cyber kill chain as appropriate/needed
• The ability to determine the extent and remediation of security events 
• Refinement/improvement of existing use cases/alerting with Tier 2 
• Perform regular continuous monitoring of events across platforms, operating systems, databases, and management systems. 
• Track and communicate reported events for numerous different security platforms, operating systems, databases, and management systems. 
• Review existing security events and propose refinements as necessary 
• Improve and implement indicators and protections across platforms, operating systems, databases, and management systems. 
• The ability to perform general operational and maintenance tasks for the organization
• Performing reviews of previously blocked domains/IPs 
• Generating datasets for later analysis by other members of the team 
• Generate reports on a scheduled basis to document findings and remediation efforts, to include recommendations to the system owners 
• Following defined procedures for metrics generation  
• The ability to provide the first line communication for events into the SOC 
• Handle or escalate emails send to the SOC
• Handle or escalate incoming phone calls to the SOC
• The ability to communicate professionally on all security events should they arise
• Document a description of each event handled and store the artifacts related to the handling of those events within the ticketing system 
• Work collaboratively with various stakeholders to investigate events of interest and incidents 

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience perferred). 
• Proven experience (2+ years) in a SOC or security-related role, with a focus on incident monitoring, analysis, and response. 
• Familiarity with security technologies and tools such as SIEM, IDS/IPS, firewalls, antivirus, and endpoint protection systems. 
• Understanding of common network protocols (TCP/IP, DNS, HTTP, etc.) and their role in security monitoring. 
• Knowledge of security incident response methodologies and best practices. 
• Familiarity with various operating systems (Windows, Linux, etc.) and their security features. 
• Basic understanding of malware analysis and its impact on security incidents. 
• Strong analytical and problem-solving skills, with the ability to work under pressure and meet tight deadlines. 
• Excellent communication skills, both written and verbal, with the ability to effectively document and report on security incidents. 
• Security certifications such as CompTIA Security+, GCIH, or GCIA are highly desirable. 
• Experience with threat hunting and proactive detection techniques. 
• Familiarity with log analysis and familiarity with log management tools. 
• Understanding of common cybersecurity frameworks such as NIST, ISO 27001, or CIS Controls. 
• Knowledge of scripting languages (Python, PowerShell, etc.) for automation and data analysis. 
• Familiarity with cloud platforms and their impact on SOC operations (e.g., AWS, Azure, GCP). 
• Ability to work collaboratively in a team environment and effectively communicate with technical and non-technical stakeholders. 
• Continuous learning mindset and a passion for staying up to date with the latest cybersecurity trends and technologies. 

U.S. Citizenship is required as this is in support of a Federal Customer.

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:

- Competitive salary, paid twice per month

- Best in class medical coverage

- 100% of medical premiums covered by True Zero

- Company wide new business incentive programs

- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)

- 3 weeks of PTO starting + 11 Paid Holidays Annually

- 401k Program with 100% company match on the first 4%

- Monthly reimbursement of Cell Phone and Home Internet costs

- Paternity/Maternity Leave

- Investment in training and certifications to broaden and deepen your technical skills