SOC Analyst with Security Clearance - Scott AFB, United States - TEKsystems c/o Allegis Group

    Job Description
    Responsible for maintaining the integrity and security of
    enterprise-wide cyber systems and networks. Supports cyber security
    initiatives through both predictive and reactive analysis, articulating
    emerging trends to leadership and staff. Coordinates resources during
    enterprise incident response efforts, driving incidents to timely and complete
    resolution. Performs network traffic analysis utilizing raw packet data, net
    flow, IDS, and custom sensor output as it pertains to the cyber security of
    communications networks. Reviews threat data from various sources and develops
    custom signatures for open source IDS or other custom detection capabilities.
    Correlates actionable security events from various sources, including Security
    Information Management System (SIMS) data, and develops unique correlation
    techniques. Utilizes understanding of attack signatures, tactics, techniques
    and procedures associated with advanced threats. Develops analytical products
    fusing enterprise and all-source intelligence. Conducts malware
    analysis of attacker tools, providing indicators for enterprise defensive
    measures, and reverse engineers attacker encoding protocols. Interfaces with
    external entities including law enforcement organizations, intelligence
    community organizations and other government agencies such as the Department
    of Defense.

    DISA is a combat support agency of the Department of Defense (DoD).

    The agency is composed of nearly 6,000 civilian employees; more than 1,500 active duty military personnel from the Army, Air Force, Navy, and Marine Corps; and approximately 7,500 defense contractors.

    The agency provides, operates, and assures command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure in direct support to joint warfighters, national level leaders, and other mission and coalition partners across the full spectrum of military operations.

    DISA has decided to shut down one of its facilities in Hawaii and establish those operations in Utah, which is the reason for the openings here at Scott.

    These folks will be working in what is essentially a commercial SOC, but for the Military/DISA. They will mostly be monitoring intrusions and escalating issues. If a candidate is more of a tier two or three level, they will still hire them. Show me any candidate in any pay range; they are open to senior members as well. For now, ideal candidates will be from the reserves, the National Guard, or separating from active duty. The candidate will serve as a Cyber Operations Analyst on the DISA GSM-O program.

    Analysts synthesize, summarize, consolidate and share potentially malicious activities on the DoDIN with DISA and mission partner organizations by creating incident reports, wiki updates, collaboration/chat tippers and notifications, DoD incident handling database queries, metrics, and trend reports.

    - Hold DoD-8570 IAT Level 2 baseline certification (Security+ CE, CISSP or equivalent) with the ability to obtain CND-A certification within 180 days of start date.
    - Hold and maintain an active Top Secret w/ SCI eligibility.
    - Hold a proficient understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
    - Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation, with an understanding of intrusion set tactics, techniques and procedures (TTPs).
    - Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
    - Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
    - Familiarity or experience in Intelligence Driven Defense and/or Cyber Kill Chain methodology.


    Required Skills, Experience, and Education:

    Basic Qualifications:
    Candidate must possess a CompTIA Security+ with Continuing Education (CE) certification; have experience supporting CND or related teams; working CND duties (e.g., Protect, Defend, Respond, and Sustain); experience working with DoD / Government leaders at all levels; and have strong communication skills (both written and verbal).


    Desired skills:
    Candidate should have at least one other IA certification completed, e.g., SSCP, CSIH, GCIA, GCIH or CEH; have UNIX administration skills; command-line scripting skills (Perl, Python, shell scripting) to automate analysis tasks; knowledge of hacker tactics, techniques and procedures (TTP); be able to conduct malware analysis; demonstrated hands-on experience with various static and dynamic malware analysis tools; knowledge of advanced threat actor tactics, techniques and procedures (TTP); understanding of software exploits; ability to analyze packed and obfuscated code; comprehensive understanding of common Windows APIs and ability to analyze shellcode.


    Typical minimum requirements:

    Bachelor's degree from an accredited college in a related discipline or equivalent experience/combined education with 7 years of professional experience or 5 years of professional experience with a related Master's degree.