SOC (Security Operations Center) Analyst - Night Shift

Quadtec Solutions, Inc
Washington, DC
Apr 20, 2017
Apr 21, 2017
Full Time
Two different shifts are available for this position.
- Shift 1: Monday - Friday, 7pm - 3:30am
- Shift 5: Two weekday evenings plus weekends, 7pm - 7:30am

Candidate MUST have previous SOC environment experience and be a US citizen. Experience performing recent hands-on IDS analyst duties in a SOC (federal preferred) environment (operational and technical with security analysis) is required and critical!

- 5 years threat management experience in a security operations environment
- 2 years as a SOC analyst level 3 performing security event and correlation monitoring
- Firm understanding of incident response, signature tuning, and network protocols; web server defense; how attackers were generating the traffic; solid knowledge of DNS and how it works; TCP headers; web attack vectors and malware analysis
- Strong background with in-depth analysis of security events and the ability to triage security events to determine which were real incidents
- Ability to be granted Public Trust clearance

Network Topology:
- Quickly understand network routes taken by various assets in use on the networks
- Firm understanding of security zones, VLANs, or interface context as associated with the networks

Intrusion Prevention:
- Detecting and blocking malicious network traffic
- Signature tuning
- False positive reduction
- TCP/IP manipulations
- Understanding of evasion strategies
- Detecting various attack vectors
- Email security techniques
- Data recovery techniques
- Timestamp & file system analysis
- Log parsing and correlation

Event Analysis:
- Determine the purpose and/or outcome of security events as they are being observed in the logs and do discovery on activity events
- Ability to analyze and report on packet captures
- Solid knowledge of Windows OS and Linux OS; create virtual sandbox(es) to create minor shell scripts or VB/Access to support data extraction, correlation and discovery

Network Forensics:
- Firm understanding of network and operating system forensics
- Chain of custody and evidence collection
- Identify malware and suspicious activity patterns in firewall, router, and server logs when an IPS has not detected the activity (ingress and egress)
- Review IPS event activities
- Interpret format, syntax, and contexts used within Cisco firewall ACL configuration files
- Report risks and security events related to malicious activity which may be dropped by the router interface prior to reaching further defense-in-depth controls

Training:
- Train customer personnel

Required Intrusion Prevention Systems Experience: SourceFire, Cisco and Enterasys
Required Security Information and Event Management (SIEM) Experience: Trustwave and ArcSight SIEM