Security Intrusion Detection System (IDS) Analyst

for Swoon Technology Resources LLC in Washington, DC

Skills:
Intrusion Detection, IDS, SOC Analyst, Threat Management, Incident Response, Signature Tuning, Networking, ArcSight, Trustwave SIEM
Location:
Washington, DC
Area Code:
202 
Travel Req:
none 
Telecommute:
no 
Pay Rate:
negotiable 
Tax Term:
CON_IND CON_W2 
Length:
12+ months 
Posted:
4-14-2014 
Position ID:
SR3562 
Dice ID:
10360791 

Our client, an excellent Government organization located in downtown Washington DC is looking for a Security Intrusion Detection (IDS) Analyst for a fantastic 12+ month contract!

This role requires an 11-12 hour work day, 3 days a week.

Interested candidates should have hands-on experience in a SOC environment, analytical skills for remedial and strategic problem-solving, web/malware analysis experience, and incident response detection and containment experience. Operational IDS Analyst experience in a SOC environment is required.


Security IDS Analyst Requirements:

5 years of threat management experience in a security operations environment

2 years as a level 3 SOC analyst performing security event and correlation monitoring

A strong Networking and Network Security background is required.

  • Firm understanding of incident response, signature tuning, and network protocols
  • Ability to be granted Public Trust clearance

Network Topology:

  • Quickly understand network routes taken by various assets in use on the networks
  • Firm understanding of security zones, VLANs, or interface context as associated with the networks

Intrusion Prevention:

  • Detecting and blocking malicious network traffic
  • Signature tuning
  • False positive reduction
  • TCP/IP manipulations
  • Understanding of evasion strategies
  • Detecting various attack vectors
  • Email security techniques
  • Data recovery techniques
  • Timestamp & File system analysis
  • Log parsing and correlation

Event Analysis:

  • Determine the purpose and/or outcome of security events as they are observed in the logs, and perform discovery on related activity
  • Ability to analyze and report on packet captures
  • Solid knowledge of Windows and Linux operating systems; ability to build virtual sandboxes and write minor shell scripts or VB/Access queries to support data extraction, correlation, and discovery

Network Forensics:

  • Firm understanding of network and operating system forensics
  • Chain of Custody and evidence collection
  • Identify malware and suspicious activity patterns in firewall, router, and server logs when an IPS has not detected the activity (ingress and egress)
  • Review IPS event activities
  • Interpret format, syntax, and contexts used within Cisco firewall ACL configuration files
  • Report risks and security events related to malicious activity that may be dropped at the router interface before reaching further defense-in-depth controls

Required Intrusion Prevention Systems Experience:

  • Sourcefire, Cisco, and Enterasys

Required Security Information and Event Management (SIEM) Experience:

  • Trustwave and ArcSight SIEM


Interested? Please send your resume to Sara Riggs, Recruiting Lead at sara.riggs@swoontech.com, or call 312-450-8349.

Sara Riggs
Swoon Technology Resources LLC
300 South Wacker Drive
Suite 1300
Chicago, IL 60606
Phone: (312) 450-8349