SOC Analyst / Active DOD Secret or higher

Location: Fort Lee, VA
Date Posted: 09-20-2018
Temp-to-hire
Active Secret clearance required
All qualified resumes will be responded to within 24 hours or less


Candidates will provide shift work in support of monitoring a 24x7x365 Security Operations Center (C2SOC). Primary responsibilities include but are not limited to: Monitor, detect, analyze, investigate, report, and track security-related “events” such as signs of intrusion, compromise, misuse, and non-compliance. Utilize provided sensors, systems, and tools to monitor networks and systems for signs of intrusion, compromise, misuse, and non-compliance. Proactively monitor and track down anomalies, non-compliant systems, and other observed events that are detrimental to the overall security posture of the IT infrastructure. Support detection of vulnerabilities and of sophisticated and nuanced attacks, discern and remove false positives, and analyze the information generated by systems. Support scanning of devices on the network for network and system vulnerabilities. Support daily analysis of security logs to detect incidents. Support generation of metrics and reporting on a regular basis. Perform additional tasks or duties as assigned.

Perform analysis of log files from a variety of sources within the Network Enclave (NE) or enclave, to include individual host logs, network traffic logs / packet captures, firewall logs, and intrusion detection system logs, at least daily. Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. Assist in the construction of signatures which can be implemented on CND network tools in response to new or observed threats within the NE or enclave. Monitor appropriate security bulletins and report any security issues that may impact the IDS to the DeCA Computer Network Defense Service Provider (CNDSP) Manager, CNDSP Incident Responders, DeCA CIRT Lead, other CNDSP-related personnel, and DeCA Information Assurance personnel. IDS logs, databases, and security incident response reports are to be prepared and maintained.
Receive and analyze network alerts from various sources within the NE or enclave and determine possible causes of such alerts. Review and respond to events identified in the Host-Based Security System (HBSS). Coordinate with enclave CND staff to validate network alerts. Notify CND managers, CND incident responders, and other CNDSP team members of suspected CND incidents and articulate the event’s history, status, and potential impact for further action. An analysis of any suspicious internal and/or external action must be accomplished and reported to DeCA CNDSP management based on established guidelines. Perform event correlation using information gathered from a variety of sources within the NE or enclave to gain situational awareness and determine the effectiveness of an observed attack.
 
Required: Bachelor’s Degree or the equivalent. Minimum of two years of experience working in an operations center or in a setting in which the primary responsibility is collecting, analyzing, and interpreting information and remediating incidents/events. Two years of experience with information systems and the ability to manage records projects using both electronic and manual systems are required. Must have the following certifications: DoD 8570 IAT Level II (Security+ or equivalent) and DoD 8570 CNDSP Analyst (CEH, GCIH, or GCIA). Demonstrate knowledge of IA and CND principles, concepts, and methodologies, such as: Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), RSA enVision, BlueCoat, Wireshark, Splunk, Sourcefire, and Gigamon.
 
Candidate must possess an Active Secret Clearance