This position is contingent upon the successful award of a contract or bid proposal. While we are actively reviewing candidates, please be advised that the position will only be officially offered once the contract/bid has been awarded.
Overview:
- Provide a Monitoring and Analysis support group to actively review all SOC data feeds, analytical systems, sensor platforms, and output from other SOC tool products
- Provide written or oral reports of findings to the government SOC lead, and ISSM for further investigation or for action.
- Participate in a variety of Information System Security (ISS) activities, including: monitoring of systems status; escalating and reporting potential incidents; creating and updating incident cases and tickets; risk assessment analysis for High Assurance Gateway (HAG) access and Web Access Requests (WARs); analyzing ISS reports; applying various antivirus, intrusion detection, DMA, and vulnerability assessment tools, techniques and procedures; authoring and implementing custom detection content; tuning the Security Information and Event Management (SIEM) and Intrusion Detection System/Intrusion Prevention System (IDS/IPS) events to minimize false positives; authoring and maintaining custom SIEM content; program analysis and review; hardware and software evaluation and analysis; process improvement; data management; and coordination and reporting of ISS-related incidents
- Provide monitoring and analysis of all security feeds 5 days a week during normal operating hours, including General Services Administration's (GSA) Managed Trusted Internet Protocol Services (MTIPS), Trusted Internet Connections (TIC), and Policy Enforcement Points (PEP).
- Investigate and positively identify anomalous events detected by security devices or reported to the SOC by external entities, components, system administrators, and the user community via security monitoring platforms and tools, incoming phone calls, and emails.
- As a part of the Monitoring and Analysis support group, be required to participate in assembling, evaluating, installing, and maintaining various intrusion detection sensors and associated software applications.
- Provide informal investigation, review, and recommendation documentation as necessary. Deliverables for Monitoring and Analysis Support include, but are not limited to, daily summary informal reports based on security event analysis and Technical Evaluation Reports (TER).
Function:
- Collaborate with the security team to perform tests and find network weaknesses.
- Research and recommend security enhancements and purchases.
- Work with management to develop best practices.
- Research and keep current on the latest IT intelligence technologies, trends, and security standards.
- Train staff on network and IT security procedures.
Basic Qualifications:
- Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS twelve (12) years of experience in incident detection and response, malware analysis, and/or cyber forensics.
- 6+ years of supervising and/or managing teams
- 8+ years of intrusion detection and/or incident handling experience
- Ability to analyze new attacks and provide guidance to watch floor analysts on detection and response
- Knowledgeable of the various intel frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc.) and able to utilize them in an analysis workflow
- Experience with cloud (e.g. o365, Azure, AWS, etc.) security monitoring and familiarity with the cloud threat landscape
- Experience with at least 3 of these tools: ARMIS; Cloudflare; Trellix Security: Cloud/Data/Email/Endpoint/Network Security; Threat Intelligence; SIEM; Microsoft Azure/Defender/Sentinel; RSA NetWitness Logs and Packets; Rapid 7 Nexpose/App Spider; Stealthwatch Netflow; Tenable IO/Web App Scanning; Varonis Data Protection; XACTA 360/IO