
    CSIRT Analyst - Jackson, United States - EmergencyMD

    Description
    Evolver Federal is seeking a CSIRT Analyst to join our team supporting our federal customer located at Stennis Space Center, MS. CSIRT is the primary entity of the SOC and the heart of Incident Response Operations. They are responsible for monitoring, incident recording, and reporting of cyber security events or incidents.

    The goal of CSIRT is to minimize and control the damage resulting from cybersecurity events or incidents, provide effective guidance for response, coordinate recovery activities, and work to prevent future incidents from occurring.

    Additionally, they provide coverage to ensure a proactive approach to defending against email attacks and a reactive approach when responding to successful attacks.

    Responsibilities:
    Provide 24x7x365 on site coverage monitoring and incident recording of security alerts and security event information received from all of our customer's security feeds, tools and designated system logs in near real time;

    Track all security incidents via Swimlane, ServiceNow and DHS ECOP;

    Provide remedial recommendations and produce consistent comprehensive reports on findings.


    Activities include:
    Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting our customer's networks

    Analysis and recommendation of hardware and/or software tools that will assist in traffic analysis

    Implementation, training, and SOP development and maintenance of implemented solutions

    In-depth web log analysis to determine trends, patterns, and suspicious activity

    Pattern analysis, trend analysis, behavior analysis, and other specialized analysis

    Reporting results of all analyses to the SOC GWO and PM

    Coordinate and advise on incident response actions taken by Incident Response Handlers for incidents affecting their areas

    Develop and maintain formal, documented SOPs that are delivered for the SOC GWO's review and approval when developed or modified.

    SOPs provide the operational basis for the customer's SOC Concept of Operations (CONOPS)

    Investigate and identify anomalous events that are detected by security devices or reported to the SOC from external entities, other DHS Components, system administrators, and the user community via Security Orchestration and Automation Response (SOAR) platform security tools, incoming phone calls, emails, and SNOW/ECOP tickets

    Analyze suspicious web or email files for malicious code discovered through SPAM email monitoring and any other available sources

    Determine indicators, including command and control channels, of malicious code

    Collaborate with the Malware Analysis team to dissect Targeted Spear Phishing attacks from general mass email attacks

    Basic Requirements

    Must be a US Citizen able to obtain an Agency-specific clearance prior to starting

    Have and maintain at least one active certification: Security+ or ISC2 CISSP, or other comparable certification approved in advance by the SOC PM on a case-by-case basis.

    Bachelor's degree in Computer Science, Information Technology, or related field, or a minimum of one year of experience in operations or incident response.

    Ability to attain up to a Final TOP SECRET SCI Clearance.

    Preferred Requirements

    Familiarity with Splunk and McAfee ePO

    Current Active DOD Top Secret Clearance

    Evolver Federal is an equal opportunity employer and welcomes all job seekers.

    It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.
