As a Security Operations Center (SOC) Analyst, you will be analyzing monitoring network traffic and providing advanced IT Security Incident Response for a global implementation of Microsoft UC (Skype for Business). In this role, you will be responsible for the following Validation and analysis of investigations escalated from the Tier 1 Security Operations Center (SOC) Analysts Analyzes medium to high complexity technical and system problems related to security events Provide documentation of the investigation determine the validity and priority of the activity and escalate to a Cyber Defense Team, as needed Communicates directly with the Application owners and business owners during high severity incidents Proactively look for suspicious anomalous activity based on data alerts or data outputs from various toolsets and SIEM platform Manages and assures threat feeds are received, aggregated, reviewed, tickets and acted upon accordingly Feeds data back to threat feed sources, where appropriate, of new threats found during internal investigations Manage white list and black list in SIEM and disseminates to appropriate operators for tool policy updates or setting updates in security tools Staying up to date with current vulnerabilities, attacks, and countermeasures Develops solutions and provides recommendations to enhance overall security posture, reduce false positives, and optimize Time to Detection and Time to Remediation metrics Responsible for working in a 24x7 Security Operation Center (SOC) environment Provide analysis and trending of security log data from a large number of heterogeneous security devices. Provide Incident Response (IR) support when analysis confirms the actionable incident. Provide threat and vulnerability analysis as well as security advisory services Analyze and respond to previously undisclosed software and hardware vulnerabilities Investigate, document, and report on information security issues and emerging trends. Coordinate with Intel analysts on open source activities impacting SLTT governments. Integrate and share information with other analysts and other teams Other duties as assigned Knowledge, Skills, and Abilities Familiarity with various network and host-based security applications and tools, such as network and host assessmentscanning tools, network and host-based intrusion detection systems, and other security software packages General knowledge of practices and procedures of operating systems, operating system utilities and subsystems andor network technologies Knowledge of network security zones, firewall, IDS Knowledge of log formats for syslog, http logs, DB logs and how to gather traceability back to event knowledge of packet capture and analysis experience with log management or security information management tools experience with security assessment tools ability to make information security risk determinations Knowledge of regex and experience with one or more scripting languages like Python, Perl, Ruby etc. Familiarity with and the ability to follow ITSM, ITIL, and InfoSecurity Best Practices Candidates must be able to work on-site at Federal Agency located in the Vienna, VA or San Antonio, TX areas Authorized to work in the US without sponsorship now or in the future The ability to communicate security events, potential impacts, and actions taken to higher-tier resolvers and management team Certifications and Experience Hold at least a US Secret Clearance Meets IAT II Certification requirements Security+ Certification is required Certified andor trained in one or more of the Security tracks from vendors like Cisco, Splunk, Microsoft 4-5 years of related experience in a Security Operations Center capacity Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), Cyber Defense Team (CDT) or a Security Operations Center (SOC)