Tier 3 Cyber Network Defense Analyst with Security Clearance - Franconia, VA, United States - Base One Technologies

    Base One Technologies
    Base One Technologies Franconia, VA, United States

    2 weeks ago

    Default job background
    Technology / Internet
    Description
    Our Franconia VA based client is looking for a Tier 3 Cyber Network Defense Analyst
    This position requires an active TS/SCI clearance and DHS EOD
    If you are qualified and interested in this opening, please forward a copy of your updated resume in word format to Must Have One of the Following J3 Certifications


    SANS GIAC:
    GCIA, GCIH, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, or GCIH

    EC Council:
    CEH, CHFI, LPT, ECSA

    ISC2:
    CCFP, CCSP, CISSP CERT CSIH.

    Offensive Security:
    OSCP, OSCE, OSWP and OSEE Primary Responsibilities
    Our Franconia VA based client is seeking a Tier 3 Cyber Network Defense Analyst to join our team on a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff
    Department of Homeland Security (DHS) Enterprise Security Operations Center (ESOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise
    The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC
    Direction and coordination are achieved through a shared DHS incident tracking system and other means of coordination and communication.

    The Tier 3 analyst will provide support during core business hours and will also participate in an on-call rotational schedule.

    Duties include proactively searching for threats
    Inspect traffic for anomalies and new malware patterns
    Investigate and analyze logs
    Provide analysis and response to alerts when escalated from junior analysts, and document activity in SOC investigations and Security Event Notifications (SENs)
    Develop custom content within the SIEM or other network security tools to detect threats and attacks against the department
    Tier 3 analysts participate in briefings to provide expert guidance on new threats and will act as an escalation point for M&A analysts
    The analyst may also be required to author reports and/or interface with customers for ad-hoc requests
    In addition, the Tier 3 analyst may be asked to participate in discussions to make recommendations on improving SOC visibility or process
    Basic Qualification

    Candidates shall have a minimum of five (5) years of professional experience in security, information risk management, or information systems risk assessment, and must be knowledgeable in many areas such as: Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web-filtering, and Advanced Threat Protection.


    • Experience implementing security methodologies and SOC processes
    • Extensive knowledge about network ports and protocols (e.g
    TCP/UDP, HTTP, ICMP, DNS, SMTP, etc)


    • Experienced with network topologies and network security devices (e.g
    Firewall, IDS/IPS, Proxy, DNS, WAF, etc).


    • Hands-on experience utilizing network security tools (e.g
    Sourcefire, Suricata, Netwitness, o365, FireEye, etc) and SIEM


    • Experience training and mentoring junior analysts
    • Expertise in developing custom SPL using macros, lookups, etc.
    • Experience creating regex for pattern matching
    • Extensive knowledge of common end user and web application attacks and countermeasures against attacks
    • Experience creating SOPs and providing guidance to junior analyst
    • Ability to analyze new attacks and provide guidance to watch floor analyst on detection and response
    • Knowledgeable of the various Intel Frameworks (e.g
    Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc) and able to utilize it in their analysis workflow


    • TS/SCI clearance and DHS EOD is required Preferred Qualification
    • Experience implementing security methodologies and SOC processes
    • Experience developing custom workflows within Splunk to streamlines SOC processes
    • Knowledgeable of APTs their capabilities and experience implementing appropriate countermeasures
    • Experience in a scripting language (e.g
    Python, Powershell, etc) and automating SOC processes/workflow


    • Experience with performing cloud (e.g
    o365, Azure, AWS, etc) security monitoring and familiarity with cloud threat landscape