Tier 3 Security Analyst

Computer World Services Corp
Purcellville, VA
Apr 06, 2021
Apr 09, 2021
Full Time
Job Description
As a Security Operations Center (SOC) Tier 3 Analyst, you will be analyzing / monitoring network traffic and providing advanced IT Security Incident Response, prevention, forensics, and threat hunting for a global implementation of Microsoft UC (Skype for Business).

Primary Duties and Responsibilities
Analysis and remediation of Security incidents escalated from the Tier 2 Security Operations Center (SOC) Analysts
Monitor security sensors and review logs to identify intrusions
Analyze and resolve high complexity technical and system problems
Review vulnerabilities and track resolution
Review and process threat intel reports
Create and deliver Security assessment and custom security incident reports
Develop custom filters to suppress false alerts and noise alerts
Proactively look for suspicious anomalous activity based on data alerts or data outputs from various toolsets and the SIEM platform
Stay up to date with current vulnerabilities, attacks, and countermeasures
Provide continuous real-time network monitoring and conduct ongoing near real-time analysis and mitigation of IA/Cybersecurity Defense events on the UC environment to defend and protect against anomalous activity
Conduct formal incident reporting, document technical details, and report to appropriate stakeholders
Develop and maintain the body of documentation that articulates SOC support tactics, techniques, and procedures
Maintain visibility of network defense threat conditions and emerging threats to the UC environment by monitoring external data sources
Participate in investigation and validation efforts related to network alerts with government cyber security elements
Analyze and correlate log files from a variety of sources within the UC environment to characterize anomalous activity
Participate in coordinating network defense and response activities for ongoing network compromises and/or attacks with the Army cyber security elements
Document the technical details of suspected network incidents in the internal reporting database to support incident response and reporting requirements
Conduct impact assessments and provide situational awareness of network events and attacks by correlating data sources from the UC environment
Notify the Customer and SOC Management Team, incident responders, and other team members of critical network incidents, articulating the event's history, status, and potential impact
Lead Critical Cyber Incident Response efforts as a senior technical security team member
Collect and analyze network intrusion artifacts from a variety of data sources, including system logs, network logs, system images and packet captures, to guide mitigation efforts during confirmed network incidents within the UC environment
Coordinate with intelligence analysts to correlate threat assessment data
Document and report incidents from initial detection through final resolution using standard DoD incident reporting channels and methods (refer to CJCSM 6510.01B, "Cyber Incident Handling Program," dated 10 Jul 2012 or later)
Provide remote incident handling support such as forensics collections, intrusion correlation tracking, threat analysis, and direct system remediation tasks to onsite personnel
Develop and publish incident response guidance and high-quality incident reports to appropriate stakeholders
Upon resolution of network incidents, create custom signatures or correlation rules to detect future incidents, and make UC environment protection recommendations to enhance passive resistance to future attack
Maintain the computer network defense (CND) toolkit and provide appropriate readiness support to conduct cyber incident response
Responsible for working in a 24x7 Security Operation Center (SOC) environment
Provide analysis and trending of security log data from many heterogeneous security devices
Provide Incident Response (IR) support when analysis confirms an actionable incident
Provide threat and vulnerability analysis as well as security advisory services
Analyze and respond to previously undisclosed software and hardware vulnerabilities
Investigate, document, and report on information security issues and emerging trends
Coordinate with Intel analysts on open source activities impacting SLTT governments
Integrate and share information with other analysts and other teams
This position requires the ability to work shifts on a 24*7*365 schedule, including on-call
Other duties as assigned or required

Job Requirements
Required Skills, Experience, and Certifications
US Citizen with DoD Secret clearance or above
Information Assurance Technical (IAT) Level II or above (CompTIA Security+), and obtain Computing Environment (CE) certifications within 180 days of hire
7+ years of related experience in a Security Operations Center capacity
Certified and/or trained in one or more of the Security tracks from vendors like Cisco, Splunk, Microsoft
Experience with manipulating large sets of data
Experience in two or more of the following technical domains: network/host-based intrusion analysis, malware analysis, forensics, or cyber threat intel
Capable of writing basic IDS signatures
Ability to deploy and maintain basic network security tools
Understand appropriate security architecture
Knowledge of advanced threat actors and complex attacks
Knowledge of TCP/IP and the underlying protocols
Ability to perform basic packet analysis
Understanding of NetFlow data
In-depth knowledge of practices and procedures of operating systems, operating system utilities and subsystems and/or network technologies
In-depth knowledge of log formats for syslog, HTTP logs and DB logs, and how to trace a log entry back to the originating event; knowledge of packet capture and analysis; experience with log management or security information management tools; experience with security assessment tools (NMAP, Nessus, Metasploit); ability to make information security risk determinations
Possess excellent writing skills and the ability to communicate to technical and executive level staff
Knowledge of regex and experience with one or more scripting languages like Python, Perl, Ruby etc.
Expertise with and the ability to consult on ITSM, ITIL, and Info Security Best Practices
Candidates shall work on-site at one of the two AT NOC/SOCs located in Purcellville, VA or San Antonio, TX

Desired Knowledge, Skills and Abilities

Security Clearance
DoD Secret is required to start (Interim Secret is acceptable)

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
Personnel may be required to travel to alternate work locations as well as customer sites.

EOE AA M/F/Vet/Disability
EEO is the Law: www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf