
SOSi · 4 months ago

Cyber Incident Handling Analyst

SOSi is seeking a Cyber Incident Handling Analyst to support their customer. The role involves performing analytic analysis of cyber-related events to detect and deter malicious actors using SIEM technologies.

Consulting · Government · Information Technology
No H1B · Security Clearance Required

Responsibilities

Work as a member of the Cyber Incident Response Operations Team to increase the security posture of the customers' network
Monitor SIEM platforms for alerts, events, and rules providing insight into malicious activities and/or security posture violations
Review intrusion detection system alerts for anomalies that may pose a threat to the customers' network
Identify and investigate vulnerabilities, assess exploit potential and suggest analytics for automation in the SIEM engines
Report events through the incident handling process of creating incident tickets for deeper analysis and triage activities
Coordinate and distribute directives, vulnerability advisories, and threat advisories to identified consumers
Issue triage steps to local touch labor organizations and Army units to mitigate or collect on-site data
Perform post intrusion analysis to determine shortfalls in the incident detection methods
Develop unique queries and rules in the SIEM platforms to further detection for first line cyber defenders
Monitor the status of the intrusion detection system for proper alert reporting and system status
Respond to the higher headquarters on incidents and daily reports
Provide daily updates to Defensive Cyber Operations staff on intrusion detection operation and trends of events causing incidents
Prepare charts and diagrams to assist in metrics analysis and problem evaluation and submit recommendations for data mining and analytical solutions
Draft reports of vulnerabilities to increase customer situational awareness and improve the customer's cybersecurity posture
Assist all sections of the Defensive Cyber Operations team as required in performing analysis and other duties as assigned
May perform documentation and vetting of identified vulnerabilities for operational use
May prepare and present technical reports and briefings
Utilize a solid understanding of networking ports and protocols, their uses, and their potential misuses

Qualification

SIEM technologies, Intrusion detection systems, Cybersecurity certifications, Packet analysis, Defensive Cyber Operations, Splunk, Linux audit log analysis, Scripting languages, Problem evaluation, Technical reporting, Communication skills, Team collaboration

Required

An active, in-scope Top Secret/SCI clearance is required
Bachelor's degree in a related discipline plus 3 years of specialized experience, Associate's degree plus 7 years, major certification plus 7 years, or 11+ years of specialized experience
Must meet DoD 8140 DCWF 531 requirements (B.S., A-150-1980, A-150-1202, A-150-1203, A-150-1250, WSS 011, WSS 012, GCFA, CBROPS, FITSP-O, GISF, CCSP, CEH, Cloud+, GCED, PenTest+, Security+, or GSEC)
Must meet DoD 8140 DCWF 511 requirements (B.S., M03385G; M10395B; M22385, A-150-1980, A-150-1202, A-150-1203, A-150-1250, A-531-0451, A-531-4421, A-531-1900, WSS 011, DISA-US1377, GFACT, GISF, Cloud+, GCED, PenTest+, Security+, or GSEC)
Must have one of the following certifications (Cisco CyberOps Professional, GCED, GCFA, GCFE, GCIH, GNFA, DCITA CIRC, FIWE or Offensive Security OSDA)
Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations
Must have a good breadth of knowledge of common ports and protocols of system and network services
Experience in packet captures and analyzing a network packet
Experience with intrusion detection systems such as Snort, Suricata, and/or Zeek
Experience with SIEM systems such as Splunk and/or ArcSight
Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats
Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process

Preferred

Bachelor's degree in Engineering, Computer Science, or Mathematics
Experience with writing Snort or Suricata IDS rules
Experience with writing complex Splunk SPL queries to correlate lookup tables with event logs to identify anomalies
Experience with analyzing packets using Arkime or Wireshark
Experience with Microsoft Windows event IDs
Experience with Linux audit log analysis
Familiarity with Git and VS Code
Experience with one or more scripting languages such as PowerShell, Bash, Python

Company

SOSi solves the challenges of the modern mission.

Funding

Current Stage
Late Stage

Leadership Team

Jim Edwards
Chief Growth Officer
Company data provided by crunchbase