Master Level Cyber Defense Analyst/Intrusion Detection Team Shift Lead (1st shift)
Company: GovCIO
Location: Washington
Posted on: March 19, 2023
Job Description:
GovCIO is seeking an inquisitive, problem-solving Master Level
Cyber Defense Analyst/Intrusion Detection Team Shift Lead/Subject
Matter Expert (SME) Tier III with 7 to 8 years of senior-level
(Tier III) security operations center (SOC) experience to support a
federal agency enterprise SOC. This position is slotted for 1st
shift work of 8:00 am to 4:30 pm Monday to Friday within the 24x7
SOC. The location is the Washington DC Metro area. These are
straight shift hours Monday to Friday, with one on-call rotation
for the SOC or weekend rotation monthly. There is some flexibility
in the shift hours Monday to Friday, depending on incidents and
workloads as needed.
- Lead and oversee all responses to cyber incidents, including
responding to SOC IR phone calls and SOC emails.
- Act as a Subject Matter Expert in investigations for potential
incidents identified by SOC Tier I & II analysts and Federal Watch
Officer as needed.
- Work closely with the Federal Watch Officer and Program Manager
to ensure that the shift is adequately staffed.
- Oversee and review all notable events created on your shift as
the Shift Lead for the 4th
- Oversee and direct the investigation of phishing and identified
potential cyber threats (phishing emails sent to the SOC).
- Work with SOC federal staff and Incident Handlers to analyze,
triage, contain, and remediate security incidents.
- Participate as needed in SOC Splunk engineer working group
sessions, to include idea generation for new content rules for
security alerting and reduction of false positives. Collaborate
across the SOC organizational lines with Threat Hunt and Security
Intelligence, while developing depth in your desired cyber
discipline and/or technologies.
- Follow the Federal IRP, SOC SOPs and other prudent documentation
procedures in order to work effectively, while keeping an eye
towards process improvement and effectiveness.
- Knowledgeable about multiple technology and system types.
- Able to articulate the incident response lifecycle.
- Manage and respond to computer security incidents that
involve enterprise systems and data, including personally
identifiable information (PII) breaches.
- Detect, collect and report cybersecurity incidents.
- Experience detecting and remediating malicious code.
- Help improve the overall security posture by independently
verifying the security of enterprise systems and ensuring the
timely dissemination of security information to the appropriate
contractor and federal stakeholders.
- Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts,
anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts,
and server and application logs to investigate events and incidents
for anomalous activity, and produce reports of findings.
- Conduct reviews and analysis of proxy logs, Microsoft Windows
and Active Directory logs, Orchestrator logs, and malicious code to
identify, contain, eradicate, and ensure recovery from
incidents.
- Support and help the Cyber Workforce Development Lead; go
through tickets analyzing security annotations on documented
incidents.
Required Qualifications
- Bachelor's with 12+ years (or commensurate experience)
- Experience in the following:
- Digital Forensics
- Automation/Scripting
- SIEM Exposure
- Incident response triage
- Threat hunting
- Threat Intelligence
- Security Annotation
- Security Artifact Gathering
- Candidate must have one or more of the following required
certifications: CERT Certified Computer Security Incident Handler,
CEH Certified Ethical Hacker, CISSP, GCIH Certified Incident
Handler, GISF Information Security Fundamentals
- Must be able to obtain and maintain a public trust.
- Must be a US Citizen.
- Work location is Washington, DC, but remote during COVID.
(Will be expected to come onsite as the migration back to the
office continues.)
Desired Qualifications
- Experience with multiple attack types and attack vectors.
- Experience with a range of security technologies that
produce logging data, including wide area network, host and
network IPS/IDS/HIPS traffic event review, server web log analysis,
and raw data logs, and the ability to communicate clearly both
orally and in writing.
- 3+ years of experience using the Splunk SIEM: writing and
creating Splunk Search Processing Language (SPL), creating and
running queries, and performing analytic examination of logs and
console events, as well as creating advanced query methods in Splunk
or advanced grep skills, firewall ACL review, examining Snort-based
IDS events, PCAPs, and web server log review.
- Experience tracking incidents against a framework such as MITRE
ATT&CK or Cyber Kill Chain methodology.
- Forensic investigation of emails for phishing campaigns, spam
emails, and malware analysis experience/exposure.
- Experience with multiple vendor technologies, such as Azure
Sentinel, Microsoft 365 Security Center, FireEye (Trellix) suite of
products, Domain Tools, Industry name Firewall/IPS, and OSINT
tools.
- Experience using Helpdesk ticket capturing tools such as HEAT &
ServiceNow.
- Ability to perform introspection of the incident for
after-action reports to both technical and non-technical staff.
- Up to date understanding of threat vectors, attacker
methodology, and how they tie into the cyber kill chain or
ATT&CK framework.
- Ability to step in and run the shift as the Shift Lead if
he/she is out sick or running late to get to work.
- Ability to go through all the steps of analysis of malware
within a virtual sandbox, reporting out and developing a brief
description of the actions taken by the malware.