SAP NS2 Tier 2 / 3 SOC Incident Responder - Hybrid / Herndon, VA
This position requires access to customer data. Must be a U.S. citizen; SAP NS2 does not offer Visa sponsorships for this role.
As a SOC Incident Responder, you'll play a pivotal role in our Security Operations Center (SOC), which is responsible for promptly identifying, investigating, and responding to security incidents. In addition to handling standard incident response tasks, you'll provide advanced technical expertise and support Tier 2/3 actions, acting as an escalation point for complex incidents requiring deeper analysis and resolution. This position will require coming into our Herndon, VA office at least once a week.
General Responsibilities:
- Monitor and analyze security alerts and events to identify potential incidents requiring further investigation.
- Investigate security incidents to determine the root cause, extent of impact, and appropriate response actions.
- Provide Tier 2 / Tier 3 support by offering advanced technical assistance and guidance to SOC analysts during incident investigations.
- Execute incident response procedures, including containment, eradication, and recovery, to mitigate the impact of security breaches.
- Collaborate with cross-functional teams to coordinate response efforts and implement corrective actions.
- Document incident details, actions taken, and lessons learned to improve incident response processes and enhance future preparedness.
- Stay abreast of emerging threats, vulnerabilities, and attack techniques to proactively identify and mitigate risks.
- Participate in tabletop exercises and incident response drills to test and validate response procedures and enhance readiness.
- Provide support and guidance to junior analysts and SOC team members during incident investigations and response activities.
General Qualifications:
- Bachelor's degree in Information Technology, Computer Science, or a related field. Years of experience may be used in lieu of a degree.
- At least 5 years of experience working in a Security Operations Center (SOC) or a similar role.
- Strong understanding of cybersecurity principles, threat landscape, and common attack vectors.
- Proficiency in using SIEM tools, intrusion detection systems (IDS), and other security monitoring platforms.
- Experience conducting incident investigations, including evidence collection, analysis, and documentation.
- Familiarity with incident response frameworks, such as NIST SP 800-61 or SANS Incident Handling.
- Excellent analytical and problem-solving skills, with the ability to prioritize and respond to incidents in a fast-paced environment.
- Effective verbal and written communication skills, with the ability to convey technical information to non-technical stakeholders.
- Relevant certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or equivalent.
- Hands-on experience with SIEM tools such as Splunk.
- Knowledge of network protocols, packet analysis, and log analysis techniques.
- Experience with scripting languages (e.g., Python, PowerShell) for automating tasks and analyzing data.
- Understanding of cloud security principles and experience with cloud security tools and services.
- Familiarity with threat intelligence feeds, indicators of compromise (IOCs), and threat-hunting techniques.
- Experience with endpoint detection and response (EDR) solutions and host-based forensic analysis tools.