CyberData Technologies, Inc., an established technology solution provider based in Herndon, Virginia, is looking to expand its growing team. We are an industry leader in data warehousing and business intelligence for both government and commercial clients. CyberData ranked 30th among the fastest-growing federal contractors in the Washington Technology Fast 50 and is an Inc. 500 company. Our employees are our greatest asset, and we are committed to their professional development and growth. We provide competitive salaries, bonuses, generous benefit packages, and paid time off to balance work and personal commitments.
We are currently seeking a SOC Incident Response Specialist to support our Federal client in Rockville, Maryland.
Job Location: Rockville, Maryland, within walking distance of Metro.
- Mid-Level SOC/IR Engineer: Job functions will be split: 70% SOC Engineer, and 30% SOC Analyst work.
- Requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
- Implement new incident response and/or threat intelligence capabilities and integrate them with existing tools in the SOC's cybersecurity ecosystem and/or the HRSA IT infrastructure.
- Write custom scripts in Python (preferred) and PowerShell to automate routine SOC tasks.
- Assist in the implementation of a new EDR solution.
- Assist in the implementation of a new IDS solution.
- Assist in the implementation of Phantom to automate certain SOC tasks.
- Monitor HRSA information system assets for threats and anomalies using tools in the SOC's cybersecurity ecosystem.
- Monitor the SIEM (Splunk ES) for notable events and work with customers to investigate and remediate those events.
- Analyze notable events in Splunk ES and determine if notable events need to become incidents based on the HRSA Incident Response Plan.
- Investigate triggered signatures from various tools to identify threats and false positives, and respond to those signatures within 5 minutes of notification/alert.
- Develop and deploy new SNORT signatures based on various threats on a daily basis, and as necessary.
- Maintain existing SNORT signatures, and tune signatures to reduce false positives on a daily basis, and as necessary.
- Consistently execute HRSA Incident Response processes according to the HRSA Incident Response Plan, SOC Standard Operating Procedures (SOPs), and analyst workflows.
- Conduct cyber security threat research, including analyzing threat feeds for effectiveness and applicability; researching various types of malware, including reverse engineering (if necessary); understanding adversary techniques, tactics, and procedures (TTPs) and identifying TTPs within the HRSA environment.
- Continually monitor, review, and investigate notable events generated by the SIEM on a daily basis.
- Perform threat and anomaly hunting within the HRSA environment utilizing tools in the SOC cyber security ecosystem.
- 5 years of relevant cybersecurity experience in IT security, incident response, or network security, including substantial hands-on experience working in a Security Operations Center.
- 3 years of experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk or similar tools, and malware triage.
- 3 years of cybersecurity engineering experience, including writing scripts to automate manual tasks.
- Strong analytical and investigation skills, including active threat hunting and adversary tracking.
- Experience with IDS/IPS technologies such as SourceFire and Palo Alto Networks firewalls. Candidate should be familiar with rulesets and able to monitor IDS/IPS events and the operational status of IDS/IPS sensors.
- Experience with FireEye technologies, such as NX, HX, AX.
- Experience with various EDR solutions.
- Experience troubleshooting in an Active Directory environment. A solid understanding of Windows Server 2012/2016, Windows 7/10, the Windows registry, remote administration, and other Microsoft products. IPv6 experience is a plus.
- Experience with the enterprise incident response cycle: Preparation; Detection and Analysis; Containment and Recovery; Post-Incident Analysis.
- Solid experience with TCP/IP protocols and ports; firewall and ACL experience preferred.
- SOC analysis and SIEM experience with Splunk. Candidate should be able to write basic Splunk queries, create dashboards and reports, and be familiar with Splunk Enterprise Security (ES). Candidates with Splunk certifications (e.g., Power User, Admin) are preferred.
- Experience with sniffers, packet capture, and NetFlow tools, including Wireshark (required) and NetWitness (preferred). Candidate should be able to efficiently gather and analyze data with these tools to detect potential IT security incidents, identify indicators of compromise, and troubleshoot network events.
- Experience in information security and with the operation of security devices.
Please submit your resume in Word format, with salary requirement, to firstname.lastname@example.org. Principals only: no third parties or employment agencies. No telephone calls, please.
CyberData is an equal opportunity employer.
CyberData Technologies, Inc.