Title Security Operations Center Analyst EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. Description Seeking a Security Operations Analyst to work in support of the FBI in Clarksburg, WV. This is a full time employment opportunity. The SOC Analyst will have: - In-depth knowledge of TCP/IP networking and network protocols. - Real-time network monitoring using a Security Information and Event Management (SIEM) - Experience working shifts in a network security operations center. - Broad knowledge of security appliances (Intrusion Detection System, Intrusion Prevention System, Firewalls, Proxies, etc.) to include how the devices work and associated limitations. - Experience using a broad variety of network defense/monitoring tools in the context of an analyst - Experience analyzing and correlating information from multiple sources to determine the source and nature of an event. - Experience with event escalation - Experience with regular expressions (REGEX) and pattern matching. - Basic understanding of scripting languages and syntax - Computer Intrusion methodology, and intrusion analysis/investigation methodology - Experience creating reports from large amounts of data *********************** Top Secret Clearance Required *********************************** Additional Details: • Monitor intrusion detection and prevention systems and other security event data sources on a 24x7x365 basis. • Determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures. • Ability to problem solve, ask questions, and discover why things are happening. • Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs. • Develop and produce reports on all activities and incidents to help maintain day to day status, develop and report on trends, and provide focus and situational awareness on all issues. • Reporting outputs will be reviewed and approved to ensure quality and metrics are maintained. • Responsible for tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management. • Notify the Customer of significant changes in the security threat against the Customer networks in a timely manner and in writing via established reporting methods. • Provide support for the A/V hotline and appropriately document each call in an existing tracking database for this purpose. • Coordinate with the O&M team to ensure production systems are operational. • Produce daily/weekly/monthly/quarterly reporting as required by management. • Maintain system baselines and configuration management items, including security event monitoring "policies" in a manner determined and agreed to by management. Ensure changes are made using an approval process agreed to in advance. • Coordinate with appropriate organizations regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, maintain the current list of coordination points of contact. • Produce reports identifying significant or suspicious security events to appropriate parties. Include latest security threat information and tie back to specific intrusion sets of nation state actors when possible. • Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event. • Review and evaluate network modifications and recommend security monitoring policy updates. • Establish procedures for handling each security event detected. • Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary. • Be able to create and add user defined signatures, or custom signatures, to compensate for the lack of monitoring in threat areas as warranted by threat changes or as directed by the customer. This includes creating content in a tool as needed. • Maintain a network diagram depleting the relevant security checkpoints in the network. • Develop and implement a methodology using a customer provided tool. Use Case UML processes that identify procedures for correlating security events. Analysis should all be able to create custom content and develop new use cases to better correlate security event information. • Develop and utilize "Case Management" processes for incident and resolution tracking. The processes should also be used for historic recording of all anomalous or suspicious activity. • Identify misuse, malware, or unauthorized activity on monitored networks. Report the activity appropriately as determined by the customer. • Maintain proficiency and skills through relevant training, conventions, conferences, and on-the-job training. • Provide analytical support as needed for the overall projects and systems by working with engineers, O&M, and other personnel to ensure effective operations of all capabilities, piloting of new systems, and periodic updates to systems. Position Requirements • A Bachelor's Degree in computer engineering, computer science, or other closely related IT discipline. • Strong analytical and problem solving skills. • At least 4 years' experience in cyber security analysis, incident response, or related IA/Security experience. • Good interpersonal, organizational, writing, communications and briefing skills. Full-Time/Part-Time Full-Time Shift Various Shifts Benefits Our company has been operating since 1996 and have various contracts with Government agencies. We offer a comprehensive benefit package that includes 3 weeks paid time off, 2 weeks Holiday pay, medical/dental coverage, STD, LTD, Life Insurance, AD&D, 401k with up to 4% match, and end of year profit sharing. Security Clearance Top Secret Number of Openings 2 Exempt/Non-Exempt Exempt Req Number INF-18-00001 Location Clarksburg, West Virginia This position is currently accepting applications.