Job Description
EAGLEBANK OVERVIEW:
Eagle Bancorp, Inc. headquartered in Bethesda, MD, was incorporated in 1997 to serve as the bank holding company for EagleBank. Eagle Bancorp is a publicly traded company under the symbol EGBN. EagleBank commenced banking operations on July 20, 1998, and currently operates 20 banking offices: six in Suburban, Maryland, five located in the District of Columbia; and nine in Northern Virginia. The Bank was founded to specifically address the business and personal needs of local business owners. It has been answering and exceeding those needs for over 20 years, providing custom financial solutions, local access to senior management, quick response, local decision-making, and a deeply-rooted dedication to the local community.
Our Mission is to be the most respected and profitable community bank by putting relationships first to the delight of our customers, employees, and shareholders, and relentlessly deliver the most compelling service and value. Eagle Banks Values are: Relationships FIRST: Flexible, Involved, Responsive, Strong, and Trusted.
GENERAL SUMMARY:
Lead SOC Analyst / Manager is responsible for the monitoring, analyzing and maintaining EagleBanks technical security controls in support of EagleBanks Information Security Program. This role will be focused on performing advanced triage and detail analysis of security events of EagleBanks technology environments and integrating risk-based threat intelligence into the operational environment. The role also supports the ability to maintain assurance in our technical security controls so that risks to the confidentiality, integrity and availability of EagleBanks information systems and infrastructure are sufficiently mitigated which in turn, supports the banks operational goals. Assists with end user support as needed and assists other information security analysts. This role will have oversight of and responsibility for two or more junior SOC Analysts and the Tier1 outsourced MSSP staff.
MAJOR DUTIES AND RESPONSIBILITIES:
- Advanced monitoring of the day-to-day operation of Security Information and Event Management (SIEM) and Network Anomaly Detection and other security control tools. Provides input into the daily security SOC report.
- Works on alerts assigned to the Eagle Bank Security Team from our outsourced Tier-1 24x7 managed SEIM monitoring provider as a Tier-2 advanced support person and on tickets directly sent to the security helpdesk.
- Ensures effective network monitoring, log management and log analysis from a variety of network sensors to investigate suspect network activity.
- Interprets raw network traffic (e.g. packet capture) and determining whether activity is legitimate.
- Manages two or more SOC Analysts. Sets weekly tasks and runs regular team meetings and one on ones with direct reports. Responsible for performance, setting annual goals and contributes to employment decisions and training.
- Assist in incident analysis using various security systems and their corresponding or associated user/analyst interfaces, including web proxy filtering systems, host and client based firewalls, intrusion detection/prevention systems, endpoint security systems, ant-malware and anti-virus software to monitor network activity.
- Conducts investigations, malware analysis and prepares comprehensive reports with timely escalations to Network or Security Engineering, for review.
- Supervises vendor relationship to include contribution to vendor selection; overseeing implementations, ongoing relationships and strengthening partnerships with our vendors and outsourced staff.
- Remain informed on trends and issues in the security industry, including current and emerging technologies.
- Other duties as assigned.
Required Education/Experience:
- Bachelors degree in Computer Science or Information Systems, Information Technology or related focused technical training or in lieu 4 additional years of engineering and project management experience.
- 7 year of related experience in Information Security, with at least 4 years of experience at the lead level of a SOC (Security Operations Center) engaged in cyber incident management and analysis.
- Very familiar using SEIM and EDR tools
- Familiarity with other security tools like Vulnerability Management, AntiVirus, Web proxies, forensics, etc.
- Supervisory or Leadership experience
Preferred Education/Experience:
- 10 years of Security Operations or Security Administration preferred
- Familiarity with security tools (Application Security, Pen Testing, Network Anomaly Detection, malware analysis, sandbox, etc.)
Required Certifications, Licenses or systems needed :
- SANS GIAC Certification
- GPPA: GIAC Certified Perimeter Protection Analyst
- GCIH: GIAC Certified Incident Handle
- GOEC: GIAC Operations Essentials Certification
- CompTIA Security+
- Certified Network Defender (CND) or Certified Ethical Hacker (CEH)
Preferred Certifications, Licenses or systems:
SANS GIAC Certifications such as
GPEN: GIAC Penetration Tester
Cisco Certified Network Associate Security (CCNA Security
Certified Network Defender (CND) or Ethical Hacker (CEH) or Certified SOC Analyst (CSA)
Required Knowledge & Skills:
- Knowledge of TCP/IP networking: networking topology, protocols and services.
- Advanced Knowledge of Microsoft and Linux operating systems.
- Knowledge of SEIMs like LogRhythm, Qradar, Splunk, etc.; NDR like Darktrace, ExtraHop, Vectra, etc.
- Knowledge of SOC tools like VirusTotal, various Sandboxes, various Malware Analysis tools
- Knowledge working on alerts from systems, firewalls (PaloAlto, Fortinet); IDS/IPS, VPN, WAFs, etc.
- Broad knowledge of computer networking technology.
Preferred Knowledge & Skills:
- Knowledge and experience of Unified Threat Management, Virtualization, Windows Desktop and Server operating systems, firewall technologies, application layer security controls, and IDS/IPS technologies.
- Knowledge of multiple NBA or UEBA tools.
- Conduct threat hunting exercises and campaigns. Knowledge of DFIR best practices.
OTHER JOB REQUIREMENTS:
- Ability to work extended hours, when necessary, to support operational requirements.
- Availability for participation in on-call rotation.