Node with its prime is supporting a U.S. Government customer on a large mission-critical development and sustainment program. We are looking for a Cybersecurity Analyst (FIRST SHIFT / SECOND SHIFT, 3pm - 12am) for Dulles, Virginia locations.
Applicants MUST be United States Citizens who have a TS/SCI (or better) level of security clearance.
This position will be a combination of remote and onsite support. Candidate must be able and willing to travel, as required, within the Dulles, Virginia metropolitan area.
PRIMARY JOB DUTIES & RESPONSIBILITIES:
* SOC Service Monitoring, Analytics and Cyber Threat Analysis
- Continuous and persistent monitoring of security technology/tool data and network traffic that result in security alerts being generated, parsed, triggered, or observed on the in-scope managed networks, enclaves, systems or security technologies
- Analyzing, triaging, aggregating, escalating and reporting on client security events, including investigation of anomalous network activity, and responding to cyber incidents within the network environment or enclave
- Correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
- Continuously works to tune security tools to minimize false positives and maximize detection and prevention effectiveness. Collaborates with the owners of cyber defense tools to tune systems for optimum performance
- Analyzes malware and attacker tactics to improve network detection capabilities. Collaborates with external companies or government agencies to share open source or classified intelligence
- Distributes use case context, vulnerability and threat advisories as relevant to optimize security tools, SIEM and client awareness
- Incident categorization and severity assignment consistent with client criteria
- Event and incident handling consistent with applicable client plans and processes
- Integration of activities with standard reports, such as shift reports, along with client communication protocols
- Documents and provides feedback to engineers for custom views, channels, and other content for Incident Response, Insider Threat Management (ITM), and other threat detection use cases into disparate enclaves in the customer environment
- Support calculation of security metrics related to Managed SOC Services offering
* Communication/Client Engagement/Responsiveness
- Collaboration with the client’s Security Organization via email, conference call, and phone
- Responsiveness to client-initiated requests and reports
- Reporting and communications consistent with client SLAs
- Support client Service Level Agreements related to alert, event/incident, request/report responsiveness
- Support development of shift reports, Situation Reports and After Action Reports
- Engagement and communication between Cyber Threat Analysis and DFIR resources to perform as one CSIRT
* Train and mentor Junior analysts
* Duties as assigned by the Leads or Project Manager including:
- Assess network threats such as computer viruses, exploits, and malicious attacks
- Determining true threats, false positives and network system misconfigurations, and providing solutions to issues detected in a timely manner
- Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline
- Develop, update and maintain standard operating procedures and other technical documentation for both client and internal operations.
- Participate in customer calls and meetings on a regular basis.
- Drive SIEM content development, tuning, and review
* Maintain current knowledge of relevant technology and trends.
* Bachelor's Degree in Cyber Security, Information Security, Information Assurance or similar and 4+ years of related experience (concentration of security operations and analysis). Additional experience can be used in lieu of education.
* Prior experience working in any of the following three: Security Operations Center (SOC), Network Operations Center (NOC), Computer Incident Response Team (CIRT)
* Knowledge of and practical experience with integrating COTS or open source tools
* Experience in the detection, response, mitigation, and/or reporting of cyber threats affecting client networks and one or more of the following:
* Experience in computer intrusion analysis and incident response
* Working knowledge of Intrusion detection/protection systems
* Knowledge and understanding of network devices, multiple operating systems, and secure architectures
* Working knowledge of network protocols and common services
* System log analysis
* Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology)
* Experience responding to and resolving situations caused by network attacks
* Ability to assess information of network threats such as scans, computer viruses or complex attacks
* Working knowledge of WAN/LAN concepts and technologies
* SIEM content Analysis, Development and Testing
* 6 months' recent experience (within the last 2 years) with RSA NetWitness
* 6 months' recent experience (within the last 2 years) with Splunk
* 6 months' recent experience (within the last 2 years) with FireEye
* Familiarity with packet analysis to include: HTTP Headers & Status codes, SMTP Traffic & Status codes, FTP Traffic & Status Codes
* Excellent written and verbal communication skills
* Personality traits: Naturally curious and inquisitive nature; persistent and determined; loves solving problems and puzzles; analytically rigorous; uncompromising integrity.
* Experience with RSA NetWitness, Splunk, FireEye NX, EX, HX, AX, Carbon Black Response, RSA Archer
* Experience with firewalls, routers or antivirus appliances
* Experience working on a 24x7x365 watch desk environment
* Experience with industry standard help desk tools
* One or more of the following:
- Splunk Core Certified Power User
Node.Digital is an independent Digital Automation & Cognitive Engineering company that integrates best of breed technologies to accelerate business impact.
Our Core Values help us in our mission. They include:
OUR CORE VALUES
**Identifying the RIGHT PEOPLE and developing them to their full capabilities**
**Our customer's "Mission" is our "Mission". Our MISSION FIRST approach is designed to keep our customer fully engaged while becoming their trusted partner**
**We believe in SIMPLIFYING complex problems with a relentless focus on agile delivery excellence**
**Our mantra is "Simple*Secure*Speed" in delivery of innovative services and solutions**