Job Title:Cyber Security Analyst
SUMMARY: Agile Defense is currently seeking a talented SOC Analyst to support a large civilian federal entity's Cyber Security Operations Center (CSOC). The program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise.
Work Schedule:
- One Front Half Night position (Sun-Tue, plus every other Wednesday).
- One Back Half Night Shift position (Thu-Sat, plus every other Wednesday).
- Six 6pm-6am days and one 10pm-6am day every other week, for 80 hours every two weeks.
JOB DUTIES AND RESPONSIBILITIES:
- Monitor for security relevant events and produce high quality analysis in accordance with both federal and contractor leadership expectations.
- Identify opportunities to improve detection content and existing processes relevant to the role.
- Support fellow analysts on investigations, providing mentorship and training as able.
- Support special projects related to job duties as requested by federal and contractor leadership.
- Support candidate vetting, staffing and on-boarding efforts for the program and XOR as a whole.
- Support Business Development efforts as required.
- Support corporate culture development initiatives to foster a culture of learning and growth for technical personnel.
QUALIFICATIONS:
- Minimum 1+ years of experience in Security Operations Center environment.
- Should have Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
ADDITIONAL SKILLS & QUALIFICATIONS
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
- Prior experience with and ability to analyze information technology security events to discern which events qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
- Previous hands-on experience with Security Information and Event Monitoring (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk).
- Strong logical/critical thinking abilities, especially in analyzing security events from host and network event sources (e.g. Windows event logs, AV, EDR, network traffic, IDS events) for malicious intent.
- Strong proficiency in report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting.
- Excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings.
- Excellent organizational skills and attention to detail in tracking activities within various Security Operations workflows.
- A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks; a conceptual understanding of Windows Active Directory is also required, as is a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
- Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
- Ability to support coverage requirements for various shifts during holidays and weekends when required.
- An understanding of how to research emerging threats and recommend monitoring content within security tools.
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
- Experience with one or more of the following technologies: Splunk (including Core and ES), ArcSight, Cisco FirePower, Carbon Black, FireEye (HX, NX, EX).
- One or more certifications for CND Analysts: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, CISSP, Security+, Network+, CEH, CND.
WORKING CONDITIONS:
- This position is full-time remote. It will require some travel as part of onboarding to pick up credentials from a local federal office.
- Sedentary – 10 lbs. maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
- Stand or Sit; Use Hands / Fingers to Handle or Feel; See
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities