Tier 2 M&A Night Front Shift Lead with Security Clearance

Employer: Base One Technologies
Location: Alexandria, VA
Posted: Feb 18, 2021
Closes: Mar 03, 2021
Ref: 1750535427
Function: IT, Security Engineer
Hours: Full Time
Our Franconia, VA based client is looking for a Tier 2 M&A Night Front Shift Lead in Franconia, VA. This position requires an active clearance: minimum of current Secret with ability to obtain TS/SCI. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program. If you are qualified for this position, please email me your updated resume in Word format to

Work location: Walker Lane, Franconia VA

Shift: Night Shift Front
o Day: 7 AM to 7 PM
o Night: 7 PM to 7 AM
o Front: Sunday through Tuesday, with alternating 8-hour shifts every other Wednesday
o Back: Thursday through Saturday, with alternating 8-hour shifts every other Wednesday

Must Have One of the Following J3 Certifications
Must have at least one of the following certifications:
o SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF
o EC Council: CEH, CHFI, LPT, ECSA
o ISC2: CCFP, CCSP, CISSP
o CERT CSIH
o Offensive Security: OSCP, OSCE, OSWP and OSEE

Primary Responsibilities
Duties include network security monitoring and detection: proactively searching for threats, inspecting traffic for anomalies and new malware patterns, and investigating and analyzing logs. Provide analysis and response to alerts, document activity in SOC investigations and Security Event Notifications (SENs), and peer review and publish SENs and block requests when requested. The Tier 2 analysts will also act as a back-up shift lead and an escalation point for junior analysts. The analyst may also be required to author reports and/or interface with customers for ad-hoc requests. In addition, the Tier 2 analyst may be asked to participate in discussions to make recommendations on improving SOC visibility or process.

Analysts will:
o Utilize a SIEM for enterprise monitoring and detection
o Create Security Event Notifications to document investigation findings
o Perform critical thinking and analysis to investigate cyber security alerts
o Analyze network traffic using enterprise tools (e.g. full PCAP, firewall, proxy logs, IDS logs, etc.)
o Collaborate with team members to analyze an alert or a threat
o Stay up to date with the latest threats
o Utilize OSINT to aid in their investigation and extrapolate data to pivot and identify other malicious IOCs
o Have familiarity with dynamic malware analysis and experience analyzing malicious websites
o Have experience performing analysis of network traffic and correlating diverse security logs to make recommendations for response
o Utilize the Cyber Kill Chain in their analysis
o Review and provide feedback on junior analysts' investigations
o Review and implement network countermeasures
o Contribute to SOP development and updating
o Attend briefings and take appropriate actions to defend the enterprise
o Help cross-train junior analysts
o Contribute to content tuning and development in coordination with Tier 3 analysts

Basic Qualification
Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices, and must possess expert knowledge in two or more of the following areas related to cybersecurity:
o Vulnerability Assessment
o Intrusion Prevention and Detection
o Access Control and Authorization
o Policy Enforcement
o Application Security
o Protocol Analysis
o Firewall Management
o Incident Response
o Encryption
o Web-filtering
o Advanced Threat Protection

Minimum of current Secret with ability to obtain TS/SCI Clearance. In addition to specific security clearance requirements, all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.

Preferred Qualification
The ideal candidate is a self-motivated individual in pursuit of a career in cyber security:
o Knowledgeable about security methodologies and SOC processes
o Experienced working in a SOC and supporting SOC operations
o Knowledgeable about network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc.)
o Experienced with network topologies and network security device functions (e.g. firewall, IDS/IPS, proxy, DNS, etc.)
o Hands-on experience utilizing network security tools (e.g. IDS/IPS, full PCAP, WAF, etc.) and SIEM
o Experience analyzing PCAPs and network logs
o Knowledge of common end user and web application attacks and countermeasures against the attack
o Experience training and mentoring junior analysts
o Experience with creating custom SPL
o Experience creating SIEM and/or IDS content
o Knowledgeable of common end user and web application attacks
o Experience creating SOPs and providing guidance to junior analysts
o Understanding of APTs and TTPs
o Understanding of various threat intel frameworks (e.g. CKC, MITRE ATT&CK, Diamond model, etc.)
o Able to extrapolate data to pivot and take actions as necessary
o Perform critical thinking and analysis to investigate cyber security alerts
o Experience in a scripting language (e.g. Python, PowerShell, JavaScript, VBS, etc.)
o Familiarity with cloud (e.g. O365, Azure, AWS, etc.) security monitoring