Tier 3 Cyber Network Defense Analyst with Security Clearance
Base One Technologies
2024-11-05 15:40:20
Alexandria, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Our Franconia VA based client is looking for a Tier 3 Cyber Network Defense Analyst. This position requires an active TS/SCI clearance and DHS EOD. If you are qualified and interested in this opening, please forward a copy of your updated resume in word format to Must Have One of the Following J3 Certifications
SANS GIAC: GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, or GCIH. EC Council: CEH, CHFI, LPT, ECSA. ISC2: CCFP, CCSP, CISSP CERT CSIH.
Offensive Security: OSCP, OSCE, OSWP and OSEE Primary Responsibilities
Our Franconia VA based client is seeking a Tier 3 Cyber Network Defense Analyst to join our team on a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff. Department of Homeland Security (DHS) Enterprise Security Operations Center (ESOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.
The Tier 3 analyst will provide support during core business hours and will also participate in an on-call rotational schedule.
Duties include proactively searching for threats. Inspect traffic for anomalies and new malware patterns. Investigate and analyze logs. Provide analysis and response to alerts when escalated from junior analysts, and document activity in SOC investigations and Security Event Notifications (SENs). Develop custom content within the SIEM or other network security tools to detect threats and attacks against the department. Tier 3 analysts participate in briefings to provide expert guidance on new threats and will act as an escalation point for M&A analysts. The analyst may also be required to author reports and/or interface with customers for ad-hoc requests. In addition, the Tier 3 analyst may be asked to participate in discussions to make recommendations on improving SOC visibility or process. Basic Qualification
Candidates shall have a minimum of five (5) years of professional experience in security, information risk management, or information systems risk assessment, and must be knowledgeable in many areas such as: Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web-filtering, and Advanced Threat Protection.
• Experience implementing security methodologies and SOC processes
• Extensive knowledge about network ports and protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)
• Experienced with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc).
• Hands-on experience utilizing network security tools (e.g. Sourcefire, Suricata, Netwitness, o365, FireEye, etc) and SIEM
• Experience training and mentoring junior analysts
• Expertise in developing custom SPL using macros, lookups, etc.
• Experience creating regex for pattern matching
• Extensive knowledge of common end user and web application attacks and countermeasures against attacks
• Experience creating SOPs and providing guidance to junior analyst
• Ability to analyze new attacks and provide guidance to watch floor analyst on detection and response
• Knowledgeable of the various Intel Frameworks (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize it in their analysis workflow
• TS/SCI clearance and DHS EOD is required Preferred Qualification
• Experience implementing security methodologies and SOC processes
• Experience developing custom workflows within Splunk to streamlines SOC processes
• Knowledgeable of APTs their capabilities and experience implementing appropriate countermeasures
• Experience in a scripting language (e.g. Python, Powershell, etc) and automating SOC processes/workflow
• Experience with performing cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiarity with cloud threat landscape