Security Intrusion Detection System (IDS) Analyst

for Swoon Technology Resources LLC in Washington, DC

Intrusion Detection, IDS, SOC Analyst, Threat management, incident response, signature tuning, networking, arcsight, trustwave SIEM 

Our client, an excellent Government organization located in downtown Washington DC is looking for a Security Intrusion Detection (IDS) Analyst for a fantastic 12+ month contract!

This role requires an 11-12 hour work day, 3 days a week.

Interested candidates should have hands-on experience in a SOC environment, analytical skills for remedial and strategic problem-solving, web/malware analysis experience, and incident response (detection and containment) experience. Operational IDS analyst experience in a SOC environment is required.


Security IDS Analyst Requirements:

5 years of threat management experience in a security operations environment

2 years as a level 3 SOC analyst performing security event monitoring and correlation

A strong Networking and Network Security background is required.

  • Firm understanding of incident response, signature tuning, and network protocols
  • Ability to be granted Public Trust clearance

Network Topology:

  • Quickly understand network routes taken by various assets in use on the networks
  • Firm understanding of security zones, VLANs, or interface contexts as associated with the networks

Intrusion Prevention:

  • Detecting and blocking malicious network traffic
  • Signature tuning
  • False positive reduction
  • TCP/IP manipulations
  • Understanding of evasion strategies
  • Detecting various attack vectors
  • Email security techniques
  • Data recovery techniques
  • Timestamp & File system analysis
  • Log parsing and correlation

Event Analysis:

  • Determine the purpose and/or outcome of security events as they are observed in the logs, and perform discovery on related activity
  • Ability to analyze and report on packet captures
  • Solid knowledge of Windows and Linux; ability to build virtual sandboxes and write small shell scripts or VB/Access tools to support data extraction, correlation, and discovery

Network Forensics:

  • Firm understanding of network and operating system forensics
  • Chain of Custody and evidence collection
  • Identify malware and suspicious activity patterns in firewall, router, and server logs when an IPS has not detected the activity (ingress and egress)
  • Review IPS event activities
  • Interpret format, syntax, and contexts used within Cisco firewall ACL configuration files
  • Report risks and security events related to malicious activity that may be dropped at the router interface before reaching further defense-in-depth controls
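The "log parsing and correlation" and "identify suspicious activity patterns in firewall logs when an IPS has not detected the activity (egress)" items above describe exactly the kind of work an analyst does against raw firewall syslog when an IPS has no signature for the traffic. The script below is an added illustration, not part of this posting or of any vendor's tooling. It parses constructed lines in a simplified Cisco ASA-style `%ASA-4-106023` deny format (the exact field layout and the sample hosts and addresses are assumptions for the example), then correlates denied egress connections per source host to flag two patterns a signature-based IPS typically never raises: regular-interval connections to one external host and port (beaconing) and one internal host probing many ports on a single destination (a sweep). Thresholds are parameters so they can be tuned to reduce false positives.

```python
"""Correlate ASA-style firewall deny lines to surface egress activity an IPS
never saw: periodic denied outbound connections (beaconing) and a single
internal host probing many external ports (sweep)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Simplified %ASA-4-106023 deny line. The syslog layout (BSD timestamp, host,
# then the ASA message) is an assumption for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}) \S+ %ASA-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<sif>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample log (not from any real device). 10.0.0.5 beacons to
# 203.0.113.10:4444 every 60 s; 10.0.0.9 sweeps ports on 198.51.100.7;
# 10.0.0.7 makes one ordinary denied request.
SAMPLE_LOG = """\
Mar  3 10:00:00 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.5/51234 dst outside:203.0.113.10/4444 by access-group "inside_access_in"
Mar  3 10:00:12 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.9/40001 dst outside:198.51.100.7/22 by access-group "inside_access_in"
Mar  3 10:00:13 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.9/40002 dst outside:198.51.100.7/23 by access-group "inside_access_in"
Mar  3 10:00:14 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.9/40003 dst outside:198.51.100.7/25 by access-group "inside_access_in"
Mar  3 10:00:15 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.9/40004 dst outside:198.51.100.7/80 by access-group "inside_access_in"
Mar  3 10:00:16 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.9/40005 dst outside:198.51.100.7/443 by access-group "inside_access_in"
Mar  3 10:00:17 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.9/40006 dst outside:198.51.100.7/3389 by access-group "inside_access_in"
Mar  3 10:01:00 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.5/51240 dst outside:203.0.113.10/4444 by access-group "inside_access_in"
Mar  3 10:01:30 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.7/50000 dst outside:192.0.2.80/80 by access-group "inside_access_in"
Mar  3 10:02:00 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.5/51251 dst outside:203.0.113.10/4444 by access-group "inside_access_in"
Mar  3 10:03:00 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.5/51262 dst outside:203.0.113.10/4444 by access-group "inside_access_in"
Mar  3 10:04:00 fw01 %ASA-4-106023: Deny tcp src inside:10.0.0.5/51270 dst outside:203.0.113.10/4444 by access-group "inside_access_in"
"""


def parse_denies(text):
    """Return one dict per 106023 deny line; other message IDs are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        # Collapse the double space in "Mar  3" before parsing (year defaults to 1900,
        # which is fine because only intervals between events are used).
        d["ts"] = datetime.strptime(" ".join(d["ts"].split()), "%b %d %H:%M:%S")
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        events.append(d)
    return events


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Group denies by (src, dst, dport) and flag flows whose inter-arrival
    times are regular: coefficient of variation of the gaps <= max_jitter."""
    by_flow = defaultdict(list)
    for e in events:
        by_flow[(e["src"], e["dst"], e["dport"])].append(e["ts"])
    hits = []
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            hits.append((flow, round(mean, 1)))
    return hits


def find_port_sweeps(events, min_ports=5, window_s=60):
    """Flag a (src, dst) pair where the source touches >= min_ports distinct
    destination ports within any window_s-second sliding window."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append((e["ts"], e["dport"]))
    hits = []
    for pair, items in by_pair.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            ports = {p for t, p in items[i:] if (t - t0).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                hits.append((pair, len(ports)))
                break
    return hits


def analyze(text):
    """Run both correlations over a log and return the findings."""
    events = parse_denies(text)
    return {"beacons": find_beacons(events), "sweeps": find_port_sweeps(events)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

On real data the deny volume is large and noisy, so the thresholds (`min_hits`, `max_jitter`, `min_ports`, `window_s`) are where false positive reduction happens: loosen them to catch jittered beacons, tighten them when scanners and monitoring hosts dominate the output, and allow-list known infrastructure before correlating.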

Required Intrusion Prevention Systems Experience:

  • SourceFire, Cisco and Enterasys

Required Security Information and Event Management (SIEM) Experience:

  • Trustwave and Arcsight SIEM



Interested? Please send your resume to Sara Riggs, Recruiting Lead at, or call 312-450-8349.

Sara Riggs
Swoon Technology Resources LLC
300 South Wacker Drive
Suite 1300
Chicago, IL 60606
Phone: (312) 450-8349