Job Description: Security Operations Center (SOC) Analyst III (Remote support is for local candidates. Non-local candidates will not be considered.)
The Cybersecurity Operations Portfolio is in need of a Security Operations Center (SOC) Analyst supporting its Threat Intelligence (TIU) program. This resource will be working with the OPS: Threat Intelligence (TIU) team to:
Implement a dynamic, advanced Risk-Based Alerting (RBA) security framework within Splunk
Create and test detections written in advanced Splunk Search Processing Language (SPL)
Perform analysis on hosts running on a variety of platforms and operating systems, including, but not limited to, Microsoft Windows, UNIX, Linux, embedded systems, and mainframes.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
Use tools including Splunk, Tanium, and the FireEye suite when performing cyber incident response analysis.
Act as an observer in Red Team penetration testing exercises and collaborate with the Cybersecurity Operations Center (CSOC).
Correlate event or incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation.
Qualification Requirements:
5+ years of experience with Splunk, the MITRE ATT&CK framework, and endpoint security services
Experience with host-level scripting, e.g., PowerShell.
Experience in working with one or more Cloud Platforms
Familiarity with cybersecurity operation center functions
Linux Administration and monitoring
Windows Administration and monitoring
Experience with security frameworks and the ability to translate use cases into actionable monitoring solutions.
Strong working knowledge of:
Security Information and Event Management (SIEM) systems.
Network Intrusion Detection/Prevention Systems (NIDS/NIPS).
Host Intrusion Detection/Prevention Systems (HIDS/HIPS).
Network and Host malware detection and prevention.
Network and Host forensic applications.
Web/Email gateway security technologies.
Sysmon.
Log aggregation tools.
Demonstrated ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines
Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness
Demonstrated solid planning and organizational skills
Demonstrated experience working independently and as part of a team
Weekday shift (M-F, 7AM-4PM or 8AM-5PM)
EXPERIENCE LEVEL:
5-7 years of related experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
EDUCATION:
Bachelor's degree in Computer Science, Information Technology, or Information Security
CERTIFICATIONS: (One or more required)
CompTIA Security+
CPTE - Certified Penetration Testing Engineer
CEH - Certified Ethical Hacker
GCIH - GIAC Certified Incident Handler
ECIH - EC-Council Certified Incident Handler
CISA - Certified Information Systems Auditor
Additional Provisions:
Must be able to obtain a Position of Public Trust Clearance
Must pass a client-mandated clearance process, including drug screening, a criminal history check, and a credit check.
Once candidate’s resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
All candidates must be US citizens or have permanent resident status (Green Card).
Candidate must have lived in the United States for the past 5 years.
Cannot have more than 6 months of travel outside the United States within the last five years. Military service is excluded (the exception does not extend to military family members).