As a Security Operations Center (SOC) Tier 2 Analyst, you will be analyzing and monitoring network traffic and providing advanced IT Security Incident Response for a global hybrid environment.
Security Clearance is Required
In this role, you will be responsible for the following:
· Validation and analysis of investigations escalated from the Tier 1 Security Operations Center (SOC) Analysts
· Analyze medium- to high-complexity technical and system problems related to security events
· Provide documentation of the investigation; determine the validity and priority of the activity and escalate to a Cyber Defense Team, as needed
· Communicate directly with the application owners and business owners during high-severity incidents
· Proactively look for suspicious or anomalous activity based on data alerts or data outputs from various toolsets and the SIEM platform
· Manage and ensure that threat feeds are received, aggregated, reviewed, ticketed, and acted upon accordingly
· Feed data back to threat feed sources, where appropriate, on new threats found during internal investigations
· Manage the whitelist and blacklist in the SIEM and disseminate them to appropriate operators for tool policy updates or setting updates in security tools
· Staying up to date with current vulnerabilities, attacks, and countermeasures
· Develop solutions and provide recommendations to enhance overall security posture, reduce false positives, and optimize Time to Detection and Time to Remediation metrics
· Provide analysis and trending of security log data from a large number of heterogeneous security devices.
· Provide Incident Response (IR) support when analysis confirms an actionable incident.
· Provide threat and vulnerability analysis as well as security advisory services
· Analyze and respond to previously undisclosed software and hardware vulnerabilities
· Investigate, document, and report on information security issues and emerging trends.
· Coordinate with Intel analysts on open source activities impacting SLTT governments.
· Integrate and share information with other analysts and other teams
· Other duties as assigned
Knowledge, Skills, and Abilities
· Familiarity with various network- and host-based security applications and tools, such as network and host assessment/scanning tools, network- and host-based intrusion detection systems, and other security software packages
· General knowledge of the practices and procedures of operating systems, operating system utilities and subsystems, and/or network technologies
· Knowledge of network security zones, firewall, IDS
· Knowledge of log formats for syslog, HTTP logs, and DB logs and how to establish traceability back to the event; knowledge of packet capture and analysis; experience with log management or security information management tools; experience with security assessment tools; ability to make information security risk determinations
· Knowledge of regex and experience with one or more scripting languages such as Python, Perl, or Ruby
· Candidates must be able to work on-site at a Federal Agency located in the Vienna, VA or San Antonio, TX areas
· Authorized to work in the US without sponsorship now or in the future
· The ability to communicate security events, potential impacts, and actions taken to higher-tier resolvers and management team
Preferred but Not Required Knowledge, Skills, Abilities and Certs
· AWS certifications and/or experience
Certifications and Experience
· Hold at least a US Secret Clearance
· Meets IAT II Certification requirements
· Security+ Certification is required
· 4+ years of related experience in a Security Operations Center capacity
· Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), Cyber Defense Team (CDT) or a Security Operations Center (SOC)