Security Operations Analyst - Subject Matter Expert (SOC)
- Reston, VA
LOCAL CANDIDATES ARE PREFERRED
MUST BE US CITIZEN AND ABLE TO GET SECRET CLEARANCE!
A Security Operations Analyst reports to the Director of Security Operations and is responsible for supporting the client's corporate information security program, security operations center, and customers, and for communicating with internal teams to improve the client's tools based on usage and customer feedback.
This person will possess deep technical knowledge on several security/network technologies, experience interacting with customers, and experience with DevOps/product management teams. Analysts will also be responsible for maintaining communications with the SOC Lead, SOC Engineers, DevOps, and other department technical experts across the company related to cybersecurity events/response/support.
The Security Operations Analyst is responsible for the day-to-day effectiveness and efficiency of the operational tools, ensuring they support internal and customer operational needs, and for developing new and unique detections.
This role ensures that the SOC tools are fully operational and that support documentation is created and maintained, and works with DevOps/product management on improvements based on customer and internal analyst feedback.
The role is also responsible for identifying new risks and threats and protecting the client's corporate environment and its customers from them. To be successful in this role the individual must maintain an advanced level of understanding of the technologies involved with networking, security, analysis, and support operations.
As a Security Operations Analyst, you will be responsible for
- Monitoring, analyzing, and detecting cyber events and incidents under operations supervision.
- Consult on integrated cybersecurity defense and leverage solutions to administer cybersecurity operational services including: intrusion prevention/detection, situational awareness, security events, data spillage, and incident response actions.
- Participate in testing, deploying, and administering the infrastructure hardware and software required to effectively manage the organization’s operational services, as needed.
- The client's SOC will be set up and structured to monitor and support the client's OS core, as well as our customer deployments.
- Our ideal candidate will have a strong work ethic, a fantastic attitude, and be comfortable tackling any challenge set before him or her. We provide significant flexibility and autonomy to team members, have high expectations, and expect everyone to contribute meaningfully to our broader collective goals.
- This is a Subject Matter Expert (SME) technical role. The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple technical operations areas and business segments.
- Prevent, detect, and respond to cybersecurity and other operational needs
- Contributes to the development and maintenance of the operations Center to support business priorities
- Develops and leads Security Operations Analysts to ensure security threat information, system log information, and sources of external intelligence are combined to provide real-time response to cyber events
- Defines, gathers, and reports on metrics regarding all of the security operations center
- Coordination with the client's internal departments to support business requirements related to daily operational needs, including but not limited to: network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, VPN management
- Automating and streamlining test network deployment operations and processes to maintain timely testing and security of the client's OS
- Working collaboratively across teams to ensure consistent, performant, appropriate and secure cyber controls
- Participates as needed in all phases of cybersecurity program development with an emphasis on the planning, analysis, testing, integration, documentation, and presentation phases
- Applies principles, methods, and knowledge of the functional area of capability to specific task order requirements, to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications to arrive at automated solutions.
- Identifying and incorporating open-source information security tools
- Troubleshooting and resolving issues in development, test and production environments
- Supporting and assisting in deployments and client integrations as needed
- Reside in the greater Washington D.C. area or able to relocate
- Bachelor's Degree or 4 years of relevant work experience
- Minimum of 3-5 years of experience in roles related to cybersecurity operations performing cybersecurity analysis, process and procedures
- Willing to work shifts to support 7/24 operations, including weekend and on-call coverage
- 3-5 years of hands-on experience using SIEM, firewall, IDS/IPS, proxy, DLP, and/or virtualization tools in support of detection, response, mitigation, and/or reporting of cyber threats affecting systems and networks
- Experience in cybersecurity intrusion detection/analysis/response and creating new rules and filters in a variety of tools to support these actions
- Understanding of Cloud-based services supporting production SaaS platforms including web applications and data analytic services
- Knowledge of IT Security principles, techniques, and technologies
- Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures.
- Knowledge and understanding in computer evidence seizure, computer forensic analysis, and data recovery, network forensics, and system log analysis.
- Experience with current cyber threats and the associated tactics, techniques, and procedures used to exploit computer networks.
- Knowledge of performing risk, business impact, control, and vulnerability assessments.
- Broad knowledge of security best practices, security solutions, and methodologies for conducting advanced security assessments, to include manual assessments and malicious user testing
- Proficient working with various Infrastructure tools/technologies such as SCCM, GPO, Active Directory/Kerberos
- Strong background in Microsoft Windows and Linux/Unix
- Experience in developing and deploying critical security architecture solutions such as SIEM, firewalls, IDS/IPS, proxies, DLP, virtualization, and host security solutions.
- Experience with Vulnerability scanners like Nessus, MVM, Qualys, etc.
- Understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics, and Monitoring.
- Knowledge of Networking protocols and technologies, e.g. TCP/IP, firewalls, routers, etc.
- Experience in working in cybersecurity operations (CSOC, SOC, CIRT, CSIRT) enterprise environment
- Excellent communication skills – both written and verbal
- Effective organizational skills with strong attention to detail
- Collaborative in nature
- Experience and interest in security considerations for large-scale distributed systems, API-driven services, and API vulnerability assessment
- Experience in a 7/24 cybersecurity operations environment for 5 or more years
- Interest/experience in DevOps and deployment associated with containerization and container orchestration technologies such as Docker and Mesosphere
- Ideas on how to do cybersecurity operations differently
- Malware analysis experience using sandboxes or static analysis
- Experience with programming/scripting languages such as Python, C, C++, JSON, PowerShell, Bash, etc.
- Good understanding of frameworks such as ISO 17799/27001/27002, and other relevant compliance regimes such as PCI, HIPAA, SOX, NERC, FISMA, FFIEC, SOC 1/2/3, GLBA, and others
- IT Security Certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, etc.