This job brought to you by America's Job Exchange
Type: Full Time
Location: Washington, Washington DC
Security Operations Center (SOC) Analyst
Are you passionate about cyber and security challenges in information technology, associated with threats and vulnerabilities? Are you interested in a role that offers an opportunity to provide front line support to our Federal clients? If yes, then Telesis wants to speak with you. Join our team of cybersecurity operations professionals who collaborate with government agencies, IT professionals, and clients to support cyber security and risk consulting engagements around the world.
As a SOC Analyst you will be an integral part to the operations of our Client's new security operations center (SOC). The SOC Analyst is responsible for monitoring, detecting, analyzing, remediating, and reporting on cyber events and incidents impacting the tech infrastructure of our federal Client in the District of Columbia. In doing so, you will be responsible for the following:
* Provide in-depth cybersecurity analysis, and trending of log, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents and make sound recommendations that enable expeditious remediation.
* Conduct security tool/application (for example, Splunk, McAfee ePolicy Orchestrator, Tenable Nessus, BeyondTrust (formerly eEye) Retina, ServiceNow, SolarWinds, Palo Alto, Cisco, Bro, Snort, etc.) tuning engagements with analysts and engineers to develop/adjust rules and analyst response procedures and reduce false positives from alerting.
* Utilize advanced background and experience in information technology and incident response handling to scrutinize escalated cybersecurity events, distinguishing these events from benign activities, and escalating confirmed incidents to the incident response team.
* Recognize, create and ingest indicators of compromise (IOCs) for attacker tools, tactics, and procedures into network security tools/applications to protect our Client's enterprise.
* Provide technical analytical guidance to, and quality-proofing of, other analysts' analytical advisories and assessments prior to release from the SOC.
* Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
* Report common and repeat problems (trend analysis) to SOC leadership and propose process and technical improvements to improve the effectiveness and efficiency of the incident handling process.
* Respond to inbound requests via phone and other electronic means for technical assistance, and resolve problems independently. Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues.
* Contribute to a daily high-level read-file regarding the status and nature of top threats to the enterprise.
* Provide security administration support that includes activities such as security audits, computer use violations, and incidents in response to discoveries and/or requests from other entities.
* Support the implementation of enterprise security controls and gather network forensics when required to support incident management.
Collaboration, innovation, sustainability: these are the hallmark issues shaping Federal government initiatives today. Telesis' Federal practice is passionate about making an impact with lasting change. We collaborate with teams from across our organization in order to bring the full breadth of Telesis to support our clients. Our aspiration is to be the premier integrated solutions provider in helping to transform the Federal marketplace.
* Three to five years of hands-on operational experience as a cybersecurity analyst/engineer in a security operations center, or equivalent knowledge in areas such as: cybersecurity operations, incident analysis and handling, vulnerability management, log analysis, and intrusion detection.
* In-depth understanding of cybersecurity attack countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, malicious code activity such as worms, trojans, viruses, etc.
* In-depth hands-on experience analyzing and responding to security events and incidents with a majority of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, data loss prevention (DLP), database activity monitoring (DAM), web content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
* Strong knowledge of cybersecurity attack methodology to include tactics and techniques, and associated countermeasures.
* Strong knowledge of TCP/IP protocols, services, networking, and experience identifying, analyzing, containing, and eradicating cybersecurity threats.
* Adept at proactive search of the internet and other sources to identify cybersecurity threat countermeasures, not previously ingested into network security tools/applications, to apply to protect our Client's enterprise.
* Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
* Excellent teamwork, interpersonal, organizational, oral, communication and customer service skills.
* Proven experience in planning, coordination, and executing complex high visibility tasks essential to the security and operation of an Enterprise.
The ideal candidate will have a technical background with significant previous experience in an enterprise environment with the following:
* Previous experience leading a SOC team responsible for analysis and correlation of cybersecurity event data.
* Skilled in understanding, recognizing, and detecting cybersecurity exploits, vulnerabilities, and intrusions in host and network-based systems.
* Comprehensive knowledge of defense-in-depth principles and network security architecture.
* Experience with review of raw log files, and data correlation of firewall, network flow, IDS, and system logs.
* Experience in host forensics.
* Knowledge of common network tools (e.g., ping, traceroute, nslookup).
* Comprehensive understanding of network services and operating system (Windows/Unix) ports, protocols, and services.
* Understanding of database structure and queries.
* Bachelor's Degree in computer science, information technology, or related field.
* One or more of the associated certifications:
  * Offensive Security Certified Professional (OSCP) issued by Offensive Security
  * GIAC Certified Intrusion Analyst (GCIA) issued by the Global Information Assurance Certification (GIAC)
  * GIAC Certified Enterprise Defender (GCED) issued by GIAC
  * GIAC Certified Incident Handler (GCIH) issued by GIAC
  * Certified Ethical Hacker (CEH) issued by EC-Council
  * Certified Information Systems Security Professional (CISSP) issued by the International Information System Security Certification Consortium (ISC2)
  * Certified Information Security Manager (CISM) issued by the Information Systems Audit and Control Association (ISACA)
Must be a U.S. Citizen and have the ability to attain clearance to hold a Public Trust position.
At Telesis, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.
Telesis maintains a policy of non-discrimination for all employees and applicants in every facet of the company's operations. In compliance with federal and state laws, Telesis hires, trains, and promotes all qualified employees without unlawful discrimination on the basis of race, color, religion, gender, national origin, age, marital status, disability, and any other legally protected status.