CSIRT Analyst - Jackson, United States - EmergencyMD
Description
Evolver Federal is seeking aCSIRT Analyst
to join our team supporting our federal customer located at Stennis Space Center, MS. CSIRT is the primary entity of the SOC and the heart of Incident Response Operations. They are responsible for monitoring, incident recording, and reporting of cyber security events or incidents.
The goal of CSIRT is to minimize and control the damage resulting from cybersecurity events or incidents, provide effective guidance for response, coordinate recovery activities, and work to prevent future incidents from occurring.
Additionally, they provide coverage to ensure a proactive approach to defending against email attacks and a reactive approach when responding to successful attacks.
Responsibilities:
Provide 24x7x365 on site coverage monitoring and incident recording of security alerts and security event information received from all of our customer's security feeds, tools and designated system logs in near real time;
Track all security incidents via Swimlane, ServiceNow and DHS ECOP;
Provide remedial recommendations and produce consistent comprehensive reports on findings
Activities include:
Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting our customer's networks
Analysis and recommendation of hardware and/or software tools that will assist in traffic analysis
Implementation, training, and SOP development and maintenance of implemented solutions
In-depth Web log analysis to determine trend, patterns, and suspicious activity
Pattern analysis, trend analysis, behavior analysis, and other specialized analysis
Reporting results of all analyses to the SOC GWO and PM
Coordinate and advise on incident response actions taken by Incident Response Handlers for incidents affecting their areas
Develop and maintain formal, documented SOPs that are delivered for the SOC GWO's review and approval when developed or modified.
Investigate and identify anomalous events that are detected by security devices or reported to the SOC from external entities, other DHS Components, system administrators, and the user community via Security Orchestration and Automation Response (SOAR) platform security tools, incoming phone calls, emails, and SNOW/ECOP tickets
Analyze suspicious web or email files for malicious code discovered through SPAM email monitoring and any other available sources
Determine indicators, including command and control channels, of malicious code
Collaborate with the Malware Analysis team to dissect Targeted Spear Phishing attacks from general mass email attacks
Basic Requirements
Must be a US Citizen able to obtain an Agency-specific clearance prior to starting
Have and maintain at least one active certification: Security+ or ISC2 CISSP, or other comparable certification approved in advance by the SOC PM on a case-by-case basis.
Bachelor's degree in Computer Science, Information Technology, or related field, or a minimum of one year of experience in operations or incident response.
Preferred Requirements
Familiarity with the Splunk and McAfee EPO
Current Active DOD Top Secret Clearance
Evolver Federal is an equal opportunity employer and welcomes all job seekers.
It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.
#J-18808-Ljbffr