U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.
Please send your resume in Word format if you are interested in the following Sr. SOC Analyst position in Germantown, MD. The salary range is 150-170K. If you are not interested, please forward to your colleagues.
Interview process: phone interview, onsite interview
Clearance is NOT required to start. However, all candidates must be clearable to a DOE Q/TS clearance. All candidates must be receptive to a drug test and background investigation.
Notes from hiring manager:
They really want someone with Big Data experience, since our program is going in that direction.
This person is not a policy or C&A one.
Need real SOC and NOC experience in a 24/7 operation.
The end client is a complex large environment as well so they will ideally want someone with experience in a large environment.
Sr. SOC Cyber Security Analyst
As the Senior SOC Analyst you will apply standard methods and techniques utilizing data platforms, tool sets and knowledge in threat/hunt activities and advanced analysis in the protection of a large nationwide network.
What is in it for you?
* Provides the opportunity to work with cutting edge technologies in the protection of mission critical systems
* Provides a range of network monitoring and forensics services for a large multi-tiered nationwide network
* Opportunity to learn from other network defenders both internal and external to the agency
Duties and Responsibilities
* Analyze network and host activity associated with both successful and unsuccessful intrusions by advanced attackers.
* Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output.
* Leverage understanding of tactics, techniques and procedures associated with advanced threats to create and add custom signatures that mitigate highly dynamic threats to the enterprise.
* Employ advanced forensic tools and techniques for attack reconstruction and intelligence gathering.
* Coordinate resources during enterprise incident response efforts, driving incidents to resolution.
* Identify and evaluate new sources of intelligence, and integrate numerous types of cyber security data sources into cyber threat analysis products.
* Proactively research emerging cyber threats. Apply analytical understanding of attacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
* Produce threat intelligence reports and briefings that provide situational awareness of cyber threats impacting the company's global network infrastructure to every level of the organization.
* Conduct threat hunt operations using known adversary tactics, techniques and procedures, as well as indicators of attack, in order to detect advanced threats to the enterprise.
* Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals.
* Bachelor's degree and minimum 4 years of relevant experience in Information / Cyber Security. Additional years of relevant experience will be considered in lieu of a degree.
* Experience in conventional network/host-based intrusion analysis, digital forensics, or malware analysis.
* Experience performing "deep dive" analysis and correlation of log data from multiple sources including PCAP and forensic artifacts.
* Experience with incident response activities involving APT threat actors, and working ongoing pervasive intrusion sets.
* Strong understanding of Operating Systems and Network Protocols.
* Must be US Citizen and able to obtain security clearance.
* Experience with Splunk (preferred) or other SIEM-type platform.
* Experience with Bro Network Security Monitor.
* Capable and comfortable communicating actionable threat intelligence to both technical and executive-level stakeholders.
* Familiarity with common languages (like Perl and Python) to parse logs, automate processes, and integrate systems.
* Experience with dynamic malware analysis, and reverse engineering.
* Ability to create, modify, and implement both Snort and YARA signatures.
* Published research papers at conferences or through other mediums (blogs, articles).
* Working knowledge of Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) tools and techniques.
* A deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats.
* Experience applying threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards, and metrics driven reports.
* Experience with Big Data Analytics.