SOC Analyst II

About The Position

Requirements

• As a requirement of this position, all candidates must be a U.S. Citizen in accordance with 8 U.S.C. 1324b(a)(2)(C).
• Must hold an active DOD Top Secret Clearance.
• At least three (3) years of professional experience in incident detection and response, malware analysis, or cyber forensics and a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field.
• Hold at least one certification as required by Dept. of Defense (DoD) 8570.01-M and DoD Directive 8140.01, IAT Level II or higher.
• Must hold at least one of the following additional certifications: CompTIA CASP+, GIAC GCIH, Microsoft AZ-500, Microsoft SC-200, Splunk Core Certified Advanced Power User
• Must have extensive experience working with various security methodologies, standard operating procedures, processes, and workflows. Experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices.
• Experience with some or all of the following is required: Computer networking concepts, OSI model, and network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services, and network security
• Host/network access control mechanisms (e.g., access control list, capabilities lists).
• network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Network traffic analysis methods and packet-level
• Cyber threats and vulnerabilities; cyber-attack stages, classes of attacks and attackers; cyber defense and information security policies, procedures, and
• Incident response and handling methodologies, incident categories, and timelines for
• Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Malware analysis concepts and
• cloud service models and how those models can limit incident
• Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
• System administration, network, and operating system hardening techniques as well as data backup and
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Experience with the following: JIRA (Atlassian issue tracking system), Palo Alto Firewall, SNORT IDS, AlienVault SIEM, Barracuda Mail Spam / Virus Firewall, and HBSS.
• This team operates in a 24/7 shift environment. 1st, 2nd and 3rd shifts run Monday – Thursday or Friday – Monday, are 10 hours per day and rotate every 3 months.

Responsibilities

• Use intrusion detection technologies to apply techniques for identifying host and network-based intrusions.
• Create, update, and resolve incident tickets that have been tasked to Tier II and appropriately document all alerts and incidents in the ticketing system.
• Review asset discovery and vulnerability assessment data.
• Lead incidents from alert to resolution:
• Leverage emerging threat intelligence (Indicators of Compromise, updated rules, etc.) to identify affected systems and the scope of the attack.
• Review and collect asset data (logs, configurations, running processes, ) on these systems for further investigation.
• Determine and direct remediation and recovery efforts including tasking of IHT1 as needed.
• Determine and request engineering, forensics, or threat intelligencesupport.
• Inform and brief status of incidents to CSOC manager, CISO, DCIO, or CIO.
• May manage and configure security monitoring tools (SIEM, IDS, Firewall, Access Control Lists, etc.) to mitigate existing threats / vulnerabilities.
• Interface and take guidance from the CSOC manager (government position).
• Review trouble tickets generated by Tier 1.
• Review threat intel and create notifications and share with specified personnel.
• Handle other tasks that tier II level of experience and talent can complete.
• Design incident response for cloud service models.
• Perform damage assessments.
• Preserve evidence integrity according to standard operating procedures or national standards.
• Protect networks against (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
• Recognize and categorize types of vulnerabilities and associated attacks.
• Secure network communications.
• Use security event correlation Tools.
• Identify, capture, contain, and report malware.
• Utilize the SOC standard operating procedures (SOP) to perform daily tasks, resolve incidents and preserve evidence integrity. May provide input for and assist with updating procedures.

Benefits

• AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.