SOC Analyst - Hybrid
Falls Church, VA
Applications have closed
Job Title: Information Security Spec II
Location: 3170 Fairview Park Drive Falls Church, Virginia 22042 (Hybrid)
Clearance Level: Active DoD - Secret
Required Certification(s):
- DoD IAT Level III Certification.
SUMMARY
XOR Security, an Agile Defense Company, is seeking qualified candidates to join our team on the Army National Guard (ARNG) Guard Enterprise Cyber Operations Support (GECOS) project. The GECOS project is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services, including networking, computing, storage, infrastructure, applications, hosting, and program management services. The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services.
JOB DUTIES AND RESPONSIBILITIES
- Review the ingestion of cyber news feeds, signature updates, incident reports, threat briefs, and vulnerability alerts from external sources and determine their applicability to the environment.
- Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
- Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
- Respond to computer security breaches and viruses.
- Perform correlation activities and trend analysis to discover attack patterns and assess the risks and potential exposure of assets.
- Ensure continued security of the network and proactive enhancement of cybersecurity to meet evolving and emerging threats, to include compliance with DoD Risk Management Framework (RMF) and continuous monitoring requirements.
- Be responsible for monitoring enterprise systems, defending against security breaches, and identifying, investigating, and mitigating cybersecurity threats, including managing the operation of the SOC and the performance of ARNG RCC-NG SOC activities 24/7/365 to protect DoD information systems and infrastructure.
- Compile and interpret the information received about emerging threats at different classification levels through data feeds from Internet security firms, Government organizations, private industry, and foreign governments into actionable monitoring either by developing custom content or by means suggested by the contractor.
- Identify potential threats based on utilized hardware and software and identify current and evolving hacking tools and methodologies available to disrupt these systems.
- Correlate data feeds and logs to analyze with known threats and incidents.
- Build, implement, and refine event correlation rules, logic, content, and analysis techniques that will enable SOC personnel to correlate events and security incidents with specific sources, such as individuals, threat actors, IT systems, devices, and IP addresses.
- Perform correlation activities and trend analysis to discover attack patterns and assess the risks and potential exposure of assets, and develop and enhance correlation rules, logic, and analysis techniques for associating data.
- Determine risks to the enterprise and develop mitigations and/or countermeasures in coordination with the RCC-NG.
- Assist with the authoring and review of cyber intelligence information based on knowledge of adversary capabilities, intentions, and Tactics, Techniques, and Procedures (TTPs).
- Fuse cyber threat, vulnerability, and asset management information from strategic partners across the network.
- Report cyber threat, vulnerability, and asset management data to ARNG leadership and the RCC-NG.
- Provide situational awareness to other SOC analysts, incident responders, ARNG leadership, RCC-NG, and strategic enterprise level decision makers.
- Communicate methods for detecting activities of specific threats and plan operations to mitigate or disrupt the threat as part of the overarching CND.
- Collaborate in the development of enterprise-level playbooks for automation and orchestration.
SUPERVISORY DUTIES
- Provides guidance to junior-level staff, as necessary.
QUALIFICATIONS
Required Certifications
- Possess the appropriate baseline certifications to achieve DoD 8570.01-M Information Assurance Technical (IAT) Level III.
Education, Background, and Years of Experience
- BA/BS or higher in a related field.
- 5 years of experience in security engineering, with a focus in data feeds and Computer Network Defense (CND).
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
- Experience managing firewall, SIEM tools, IDS/IPS, and router ACL policies.
- Experience with vulnerability management assessment and mitigation.
- An active Secret DoD Security Clearance.
Closing Statement:
XOR Security, an Agile Defense Company, offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation, and supplemental insurance benefits.
XOR Security, an Agile Defense Company, is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.