Sr. Cloud CyberSecurity Operations Analyst (Top Secret Clearance)

Employer: ECS Federal
Location: Washington, DC
Posted: Feb 22, 2021
Closes: Feb 24, 2021
Ref: 1750681556
Hours: Full Time
ECS is seeking a Cybersecurity Ops Analyst Senior-Cloud Security to work in our Washington, DC office.

Job Description:

The candidate(s) will be the organization's technical analyst who will assess required Cyber Operations capabilities in multiple cloud environments (O365, Azure, AWS, Oracle) and develop appropriate detection measures in a mixed Elastic and Splunk environment. The candidate will perform analysis of available cloud environment data feeds, network monitoring and filtering systems (including IDS/IPS), and endpoint protection platforms in order to develop unified detection measures, ensuring the rigorous application of information security/information assurance policies, principles, and practices.

- Use network, host and cloud based data to drive detection, monitoring, and response capabilities
- Research, design, and implement cybersecurity solutions to protect sensitive information in AWS, Azure, and GCP
- Investigate new techniques, break free from the legacy model, and go where the industry is going
- Provide systems security authorization support and oversee information security activities related to the deployment of an emerging enterprise cloud solution
- Drive security accreditation support and maintain authorization to account for any new capabilities deployed to the enterprise cloud
- Evaluate container security to support dynamic and immutable cloud infrastructure
- Bring experience with implementing controls from NIST 800-53, FedRAMP, ICD 503, RMF, and security regulations, and with applying native cloud security and monitoring services in the cloud, including network firewalls, access control lists, encryption, auditing and monitoring, alerting, secrets management, and compliance scanning
- Create detection analytics based on the MITRE ATT&CK Framework and other security frameworks
- Perform unique research on adversarial Tools, Techniques, and Procedures (TTPs)
- Aid the Ops team in response to incidents by analyzing host behavior and network traffic
- Authorized to view audit records on Central Log Server
- Authorized to view alerts of IDS/IPS
- Authorized to modify auditable events on Central Log Server
- Overtime may be required as needed to support incident response actions (Surge)

Required Skills:

- Bachelor's degree in Cybersecurity or IT field
- Must have a Top-Secret Clearance with SCI Eligibility

Desired Skills:

Preferred proficiencies in some of the following disciplines:

- Network traffic analysis and host-based log analysis
- Comprehensive understanding of enterprise Windows security (Active Directory)
- Static and dynamic malware analysis
- Practical knowledge in at least one scripting or development language (e.g. PowerShell or Python)
- Must have working familiarity with two of the following products: FireEye, Splunk, Elastic, Carbon Black Response, Fidelis Network
- Strong written and verbal communication skills
- Strong understanding of common enterprise technologies
- Ability to convey extremely technical concepts to audiences with varying technical understanding

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.