Sr Info Security Analyst

Washington, DC
Jan 12, 2017
Sep 18, 2017
Full Time
GDIT has available positions for incident responders and network security monitoring analysts in a 24x7x365 SOC. Responsibilities will include, but are not limited to, network security analysis, monitoring and incident response.


Our Security Analysts work with and learn from experienced security team leaders and use the latest technology to detect, analyze and limit intrusions and security events. Candidates must be willing to work in a 24/7/365 SOC environment, demonstrate intuitive problem-solving skills and allow for flexible scheduling.


• Perform network security monitoring and incident response for a large organization; coordinate with other government agencies to record and report incidents.

• Maintain meticulous records of security monitoring and incident response activities.

• Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.

• Create, modify, and update IDS/IPS and Security Information Event Management (SIEM) tool rules.

• Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

• Be able to provide host-based forensics.

• Evaluate/deconstruct malware (e.g. obfuscated code) through open-source and vendor-provided tools.

• Task other analysts and direct efforts to analyze the IDS and remediate security issues found.

• Train other analysts in roles and responsibilities.

• Communicate alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.

• Assist with implementation of counter-measures or mitigating controls.

• Generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.

• Evaluate firewall change requests and assess organizational risk.

• Prepare briefings and reports of analysis methodology and results.

• Create and maintain Standard Operating Procedures and other similar documentation.

Education

Five (5) years of professional work experience performing a similar technical discipline and a Bachelor's Degree in Computer Science or related discipline. Or, seven (7) years of professional work experience performing a similar technical discipline with no degree.


Technical Disciplines include:

• Digital Media Forensics Analyst

• Email Security Analyst

• Monitoring and Detection Analyst

• Incident Response Analyst

• Vulnerability Assessment Analyst

• Cyber Intelligence Analyst

Qualifications / Experience


Five to seven (5 – 7) years of related professional experience within Information Technology and/or Information Security, or an equivalent combination of education and work experience. Candidates must be able to work a flexible schedule within a 24x7x365 Security Operations Center (SOC) environment and may be expected to work holidays. A good candidate should have some or all of the following traits: excellent analytical and problem-solving skills as well as interpersonal skills to interact with customers, team members and upper management; skill in Cyber Security Incident Response and Network Security Monitoring; an excellent foundation in computer networking (TCP/IP), knowledge of Windows, Linux and Cisco operating systems, and information security; experience with ArcSight ESM, SIEM technologies, Splunk, McAfee NSM, antivirus, Wireshark, Microsoft Exchange Online Protection (EOP), firewalls and Sourcefire and/or similar tools is highly preferred. Knowledge of and experience with scripting and programming (Python, Perl, etc.) are highly preferred.


Unique/Additional Requirements



Desirable certifications include SANS GCIH, GCIA, GCFE, GREM, GXPN, GMON; Offensive Security OSCP, OSCE, OSWP, OSEE; Carnegie Mellon Certified Security Incident Handler; ISC2 CCFP, CCSP, CISSP; EC-Council CHFI, LPT, ECSA; and EnCase ENCE.