SOC Analyst

Lensa is the leading career site for job seekers at every stage of their career. Our client, Keen Logic, is seeking professionals in Vienna, VA. Apply via Lensa today!

KeenLogic is seeking to hire an Information Security Operation Analyst (SOC Analyst) to join our team at the Drug Enforcement Administration. The Information Security Analyst is responsible for designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information.

This is a full-time position offering Fortune 500-level health/dental/vision, PTO, 401k, and Life Insurance. This is an onsite role with a daily schedule Core Hours: 10 AM to 2 PM, flexible start time based in Merrifield, VA.

About The Role

This is a Security Operation Center position. This position primarily focuses on cybersecurity incident detection and response. Other primary areas of focus would be: zero-day events, utilizing cybersecurity tools to conduct investigations and analysis of events, Utilizing the seven steps of the Incident Response process.

All the duties listed support one or more of the following cybersecurity related functions; information security, SA&A, incident response, cyber security, insider threat, computer forensics, vulnerability assessment and management, network data capture, intrusion detection, log management, auditing, security incident and event management (SIEM), and penetration testing.

Personnel assigned to this role will serve primarily on the Operations & Response (O&R) Team; this role may also support the Vulnerability Assessment and Penetration Test (VAPT) and Engineering teams. This position is also responsible for coordinating with both the Cybersecurity Services Section and other sections or divisions within the client’s organization. These may include, but are not limited to, IT Operations, Engineering & Integration, Software Operations, and the Office of Investigative Technology.

Required Qualifications:

MUST BE A U.S CITIZEN WITH AN ACTIVE SECRET CLEARANCE OR TOP SECRET CLEARANCE

• Must be eligible for a Top-Secret clearance, if requested
• Bachelors degree and 10 years in Information Security
• Masters degree and 14 years in Information Security
• Any combination of certificates such as Microsoft’s MCSE, or Cisco’s, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience/information technology experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II or III may be considered equivalent to two (2) years of information security experience.
  
  

Preferred Qualifications:

• CompTIA CySA cybersecurity analyst certification
• Cybersecurity Incident response and Detection experience.
• Experience in cybersecurity event triaging. Utilizing the seven steps of the Incident Response Process – (IRP)
• Security Operation Center Experience – (SOC)
• Conducting cyber event investigations to determine root cause of the event. Determining if the event is a True/False Positive.
• Creating rules, thresholds, and policies associated with cybersecurity tool platforms designed to prevent Indicators of Compromise/Attack from occurring. IOC’s/IOA’s
• Verification & Validation of information, containment, eradication, and recovery from incidents.
• Experience in validating Hash’s Malicious IP’s, URL’s
• Experience in investigating malicious emails and payloads.
• Requirements analysis, program development activities, architecture, engineering, integrating, developing and/or deploying information technology products (hardware and software) in an enterprise environment.
• Ability to create and monitor multiple cybersecurity tools dashboards.
• Experience in Open-Source Intelligence gathering.
• Experience with Threat hunting and vulnerability assessment.
• Knowledge of SIEM tools and query generation
  
  

Duties

• Performs network security monitoring and incident response for a large organization.
• Coordinates with other government agencies to record and report incidents.
• Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies.
• Monitors Security Information and Event Management (SIEM) to identify security issues for remediation.
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information. Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
• Assists with implementation of countermeasures or mitigating controls.
• Supports efforts to consolidate and conduct comprehensive analysis of threat data obtained from classified, proprietary, and open-source resources to provide indication and warnings of impending attacks against unclassified and classified networks.
• Supports Team Lead on developing recommendations for changes to Standard Operating Procedures and other similar documentation.
• Monitors and reviews logs from existing security tools and creates new security tool signatures to ensure maximum performance and availability.
• Performs all aspects of intrusion detection, log and audit management, network and database vulnerability assessment and compliance management, and security configuration.
• Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Also manages accounts, security devices, and patches; responsible for access control/passwords/account creation and administration.
• Analyze collected information to identify vulnerabilities and potential for exploitation.
• Provides support in the identification, documentation, and development of computer and network security countermeasures.
• Identifies network and operating systems vulnerabilities and recommends countermeasures.
• Supports the deployment and integration of security tools as needed.
• Prepares written reports and provides verbal information security briefings.
• Investigates, monitors, analyzes, and reports on information security incidents.
• Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.
• Use mitigation, preparedness, and response and recovery approaches, as needed to maximize information security.
• Provides incident handling support for incident detection, analysis, coordination, and response.
• Monitors network to actively remediate unauthorized activities.
• Monitors intrusion detection sensors and log collection hardware and software to ensure systems are collecting relevant data.
• Monitors all security systems to ensure maximum performance and availability.
• Analyze computer security threat information from multiple sources, disciplines, and agencies across.
  
  

Powered by JazzHR