As a Security Operations Center (SOC) Tier 1 Analyst, you will analyze and monitor network traffic for a global implementation of Microsoft UC (Skype for Business).
In this role, you will be responsible for the following:
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events and logs
- Prioritizing and differentiating between potential intrusion attempts and false alarms
- Creating and tracking security investigations to resolution
- Opening tickets, assigning them to the correct resolver, and validating/closing tickets related to false positives
- Providing Tier 1 investigation, triage, and mitigation of detected security events
- Composing security alert notifications and other communications
- Advising incident responders in the steps to take to investigate and resolve computer security incidents
- Staying up to date with current vulnerabilities, attacks, and countermeasures
- Working in a 24x7 Security Operations Center (SOC) environment
- Providing analysis and trending of security log data from a large number of heterogeneous security devices
- Providing Incident Response (IR) support when analysis confirms an actionable incident
- Providing threat and vulnerability analysis as well as security advisory services
- Analyzing and responding to previously undisclosed software and hardware vulnerabilities
- Investigating, documenting, and reporting on information security issues and emerging trends
- Coordinating with Intel analysts on open source activities impacting SLTT governments
- Integrating and sharing information with other analysts and other teams
- Other duties as assigned
Knowledge, Skills, and Abilities
- Ability to use assessment tools and other security tools found in large network environments, along with the ability to work with Security Information and Event Management (SIEM) solutions, including Splunk
- Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software packages
- Familiarity with and the ability to follow ITSM, ITIL, and InfoSecurity Best Practices
- Candidates must be able to work on-site at a Federal Agency located in the Vienna, VA or San Antonio, TX area
- Authorized to work in the US without sponsorship now or in the future
- The ability to communicate security events, potential impacts, and actions taken to higher-tier resolvers and management team
Certifications and Experience
- Hold at least a US Secret Clearance
- Meet IAT II Certification requirements
- Security+ Certification is required
- 2-3 years of related experience in a Security Operations Center capacity
- Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), Cyber Defense Team (CDT), or a Security Operations Center (SOC)
- Experience with Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Vulnerability management and Federal/Military security protocols
- Experience with Log Event Monitoring solutions is strongly desired but not required