Our client, an excellent Government organization located in downtown Washington DC is looking for a Security Intrusion Detection (IDS) Analyst for a fantastic 12+ month contract!
This role requires an 11-12 hour work day, 3 days a week.
Interested candidates should have hands-on experience in a SOC environment, analytical skills for remedial and strategic problem-solving, web/malware analysis experience, and incident response detection and containment experience. Operational IDS Analyst experience in a SOC environment is required.
Security IDS Analyst Requirements
- 5 years of threat management experience in a security operations environment
- 2 years as a level 3 SOC analyst performing security event and correlation monitoring
- A strong networking and network security background is required
- Firm understanding of incident response, signature tuning, and network protocols
- Ability to be granted Public Trust clearance
- Quickly understand network routes taken by various assets in use on the networks
- Firm understanding of security zones, VLANs, or interface context as associated with the networks
- Detecting and blocking malicious network traffic
- Signature tuning
- False positive reduction
- TCP/IP manipulations
- Understanding of evasion strategies
- Detecting various attack vectors
- Email security techniques
- Data recovery techniques
- Timestamp and file system analysis
- Log parsing and correlation
- Determine the purpose and/or outcome of security events as they are observed in the logs, and perform discovery on activity events
- Ability to analyze and report on packet captures
- Solid knowledge of Windows and Linux operating systems; ability to create virtual sandboxes and write minor shell scripts or VB/Access tools to support data extraction, correlation, and discovery
- Firm understanding of network and operating system forensics
- Chain of Custody and evidence collection
- Identify malware and suspicious activity patterns in firewall, router, and server logs when an IPS has not detected the activity (ingress and egress)
- Review IPS event activities
- Interpret format, syntax, and contexts used within Cisco firewall ACL configuration files
- Report risks and security events related to malicious activity that may be dropped by the router interface before reaching further defense-in-depth controls
Required Intrusion Prevention Systems Experience:
- SourceFire, Cisco and Enterasys
Required Security Information and Event Management (SIEM) Experience:
- Trustwave and ArcSight SIEM
Interested? Please send your resume to Sara Riggs, Recruiting Lead at firstname.lastname@example.org, or call 312-450-8349.