Job Details

ID #49552581
State District of Columbia
City Washington
Job type Contract
Salary USD TBD TBD
Source System One
Showed 2023-03-26
Date 2023-03-25
Deadline 2023-05-24
Category Security

Master Level Cyber Defense Analyst/Intrusion Detection Team Shift Lead

District of Columbia, Washington, 20001 Washington USA

Vacancy expired!

Cyber Defense Analyst/Intrusion Detection Team Shift Lead/Subject Matter Expert (SME)
Washington, DC - REMOTE
US citizenship required per government contract
Shift: 8am-8:30pm Sat-Sun AND 2 flexible 8-hour days 4pm-12:30am Monday-Friday
Must have one or more of the following required certifications: Security Plus, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals

ALTA is seeking an inquisitive and problem-solving Master Level Cyber Defense Analyst/Intrusion Detection Team Shift Lead/Subject Matter Expert (SME) Tier III with 7 to 8 years of senior-level (Tier III) security operations center (SOC) experience to support a federal agency enterprise SOC. This position is slotted for the Weekend 4th Shift, 8:00 am to 8:30 pm Saturday and Sunday, working as a Shift Lead and possibly as a Senior Analyst if someone calls out sick. The additional hours will be made up working weekdays on 2nd Shift: two flexible 8-hour days from 4:00 pm to 12:30 am Monday to Friday, primarily as a Senior Analyst. The Program Manager and 2nd Shift Lead will help decide which two days of the week work best with the shift needs and your schedule in our 24/7 SOC. The location is the Washington DC Metro area. There is some flexibility in the shift hours Monday to Friday, depending on incidents and workloads as needed.

Key Responsibilities:
• Lead and oversee all responses to cyber incidents, including responding to SOC IR phone calls and SOC emails
• Act as a Subject Matter Expert in investigations of potential incidents identified by SOC Tier I & II analysts and the Federal Watch Officer as needed
• Work closely with the Federal Watch Officer and Program Manager to ensure that the shift is adequately staffed
• Oversee and review all notable events created on your shift as the Shift Lead for the 4th Shift
• Oversee and direct the investigation of phishing and identified potential cyber threats (phishing emails sent to the SOC)
• Work with SOC federal staff and Incident Handlers to analyze, triage, contain, and remediate security incidents
• Participate as needed in SOC Splunk engineer working group sessions, including idea generation for new content rules for security alerting and reduction of false positives
• Collaborate across SOC organizational lines with Threat Hunt and Security Intelligence, while developing depth in your desired cyber discipline and/or technologies
• Follow the Federal IRP, SOC SOPs and other prudent documentation procedures in order to work effectively, with an eye towards process improvement/effectiveness
• Knowledgeable on multiple technology and system types
• Able to articulate the incident response lifecycle
• Manage and respond to computer security incidents that involve enterprise systems and data, including personally identifiable information (PII) breaches
• Detect, collect and report cybersecurity incidents
• Experience detecting and remediating malicious code
• Help improve the overall security posture by independently verifying the security of enterprise systems, and ensure the timely dissemination of security information to the appropriate contractor and federal stakeholders
• Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings
• Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents
• Support and help the Cyber Workforce Development Lead by going through tickets and analyzing security annotations on documented incidents

Desired qualifications:
• Experience with multiple attack types and attack vectors
• Experience involving a range of security technologies that produce logging data, including wide area network host and network IPS/IDS/HIPS traffic event review, server web log analysis, and raw data logs, and the ability to communicate clearly both orally and in writing
• 3+ years of experience utilizing Splunk SIEM: writing and creating Splunk Search Processing Language (SPL), creating and running queries, and performing analytic examination of logs and console events, as well as creating advanced query methods in Splunk or advanced grep skills, firewall ACL review, examining Snort-based IDS events, PCAPs, and web server log review
• Experience tracking incidents against a framework such as MITRE ATT&CK or the Cyber Kill Chain methodology
• Forensic investigation of emails for phishing campaigns, spam emails and malware analysis experience/exposure
• Experience with multiple vendor technologies, such as Azure Sentinel, Microsoft 365 Security Center, the FireEye (Trellix) suite of products, Domain Tools, Industry name Firewall/IPS, and OSINT tools
• Experience using helpdesk ticket capturing tools such as HEAT & ServiceNow
• Ability to perform introspection of incidents for after action reports to both technical and non-technical staff
• Up-to-date understanding of threat vectors and attacker methodology and how they tie into the Cyber Kill Chain or ATT&CK framework
• Ability to step in and run the shift as the Shift Lead if he/she is out sick or running late to get to work

Requirements:
• Bachelor's Degree with 8+ years (or commensurate experience)
• Specialized Skill Areas
  o Digital Forensics
  o Automation/Scripting
  o SIEM Exposure
  o Incident response triage
  o Threat hunting
  o Threat Intelligence
  o Security Annotation
  o Security Artifact Gathering
• Must be able to obtain and maintain public trust
• Must be a US Citizen
• Work location Washington, DC, but remote during COVID
• Candidate must have one or more of the following required certifications: Security Plus, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals
• Ability to go through all the steps of analysis of malware within a virtual sandbox, reporting out and developing a brief description of the actions taken by the malware
