Security Operations Center (SOC) Analyst Tier III

Alexandria, Virginia, United States

Applications have closed

Positions Available: 2 – CG-62 (Cybersecurity Analytics Support)

Remote Capability: TBD

Clearance Requirement: Top Secret, Active

Avint is seeking a senior Cybersecurity Analyst with SOC Level III experience to support a Federal Agency contingent award starting June 2022. This position is responsible for leading a team of first responders to protect security networks from data breaches and other cyber-attacks. In addition to monitoring current data logs, the analyst focuses on studying data security trends and learning about new exploits that attackers might use to breach the company's security network. The role analyzes and reports organizational and system security posture trends, assesses the levels of security controls and configuration management processes, and implements system security measures to resolve vulnerabilities, mitigate risks, and maintain other system security measures in accordance with established procedures to ensure integrity and authentication.

Requirements

  • Respond to cyber incidents and act as a Subject Matter Expert in investigations for potential incidents identified by SOC Tier I & II analysts.
  • Investigate phishing and self-identified potential cyber threats (phishing emails sent to the SOC).
  • Work with SOC federal staff and Incident Handlers to analyze, triage, contain, and remediate security incidents.
  • Participate regularly in SOC Splunk engineer working group sessions, to include idea generation for new content rules for security alerting and reduction of false positives.
  • Follow the Federal IRP, SOC SOPs, and other prudent documentation procedures in order to work effectively, while keeping an eye toward process improvement and effectiveness.
  • Knowledgeable of multiple technologies and system types.
  • Able to articulate the incident response lifecycle.
  • Manages and responds to computer security incidents that involve enterprise systems and data including personally identifiable information (PII) breaches.
  • Detect, collect and report cybersecurity incidents.
  • Experience detecting and remediating malicious code.
  • Help improve the overall security posture by independently verifying the security of enterprise systems and ensuring the timely dissemination of security information to the appropriate contractor and federal stakeholders.
  • Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.
  • Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents.

Technical Areas of Expertise

  • RMF Framework and Cybersecurity Framework.
  • Understanding of industry security and compliance statuses, standards, and policies.
  • Experience with multiple attack types and attack vectors.
  • Experience with a range of security technologies that produce logging data, including wide area network host and network IPS/IDS/HIPS traffic event review, server web log analysis, and raw data logs, and the ability to communicate clearly both orally and in writing.
  • 3+ years of experience using Splunk SIEM, including writing Splunk Search Processing Language (SPL), creating and running queries, performing analytic examination of logs and console events, and creating advanced query methods in Splunk.
  • Experience tracking incidents against a framework.
  • Ability to perform introspection of incidents for after-action reports to both technical and non-technical staff.
  • Ability to go through all the steps of analysis of malware within a virtual sandbox, reporting out and developing a brief description of the actions taken by the malware.

Qualifications

  • Bachelor’s degree in a related field or technical discipline, or 8-10 years of equivalent work experience in similar roles within the DoD or Federal Government, such as intrusion detection examination.
  • Security+ or another relevant IAT Level II certification; IAT Level III (CISA, CISSP) preferred.
  • Additional CCSP Incident Responder certifications like CEH, GCIH, etc. are a plus.
  • Core competencies include: computer network defense, data management, network security and management, infrastructure design, threat analysis, technology awareness, vulnerability assessment, system hardening, etc.

Benefits

Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits, including competitive salaries, full health coverage, a unique 401K plan, and generous PTO and Federal Holidays.

Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!

Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.
