Host based Systems Analyst /Senior SOC Analyst

Host-based Systems Analyst /Senior SOC Analyst

Location: Arlington, VA

Must have an active Secret Security Clearance

Node provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide-front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.

Node is seeking a Senior SOC Analyst to support this critical customer mission.

Responsibilities:

- Assisting Federal team leads with establishing and operating a Security Operations Center responsible for securing a highly dynamic environment supporting Incident Response and Threat Hunting experts

- Configuring and monitoring the Security Information and Event Management (SIEM) platform for security alerts.

- Scanning and monitoring system vulnerabilities on servers and infrastructure devices using a Threat and Vulnerability security solution; coordinating artifact collection operations.

- Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations

- Collects network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and uses discovered data to enable mitigation of potential Computer Network Defense incidents

- Collects network device integrity data and analyzes for signs of tampering or compromise

- Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information

- Characterize and analyze artifacts to identify anomalous activity and potential threats to resources

- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions

- Research and test new security tools/products and make recommendations for tools to be implemented in the SOC environment

- Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer-related evidence

- Distilling analytic findings into executive summaries and in-depth technical reports

- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

Requirements

Required Skills:

- U.S. Citizenship

- Must have an active Secret clearance, TS/SCI preferred

- Must be able to obtain DHS Suitability

- Must demonstrate being a self-starter and give examples of leadership in customer-facing roles

- 8+ years of directly relevant experience in security operations using leading-edge technologies and industry-standard tools

- Experience with the analysis and characterization of cyber attacks

- Skilled in identifying different classes of attacks and attack stages

- Knowledge of system and application security threats and vulnerabilities

- In-depth knowledge of CND policies, procedures, and regulations

- In-depth knowledge and experience of network topologies - DMZs, WANs, etc. and use of Palo Alto products

- In-depth knowledge and experience of Wifi networking

- In-depth knowledge of TCP/IP protocols such as ICMP, HTTP/S, DNS, SSH, SMTP, SMB,

- Experience using Elastic SIEM

- Experience with vulnerability assessment and monitoring tools such as Security Center, Nessus, and Endgame

- Experience with reconstructing a malicious attack or activity based on network traffic

- Experience incorporating Threat Intelligence

- Experience with Crowdstike, Gray Noise and Shodan

-Understanding of MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)

- Must be able to work collaboratively across physical locations.

Desired Skills:

-Proficiency in Elastic SIEM engineering

-Proficiency with Snort

-Proficiency with other EDR Tools (Crowdstrike, Carbon Black, etc)

-Proficiency with network analysis software (e.g. Wireshark)

-Proficiency with carving and extracting information from PCAP data

-Proficiency with non-traditional network traffic (e.g. Command and Control)

-Proficiency with preserving evidence integrity according to standard operating procedures or national standards

-Proficiency with designing cyber security systems and environments in a Linux

-Proficiency with virtualized environments

-Proficiency in conducting all-source research.

Required Education:

BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics and network forensic experience

Desired Certifications:

- GSOM, GSOC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA

Company Overview:

Node. Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.

Our Core Values help us in our mission. They include:

OUR CORE VALUES

Identifying the~RIGHT PEOPLE~and developing them to their full capabilities

Our customer’s “Mission” is our “Mission”. Our~MISSION FIRST~approach is designed to keep our customers fully engaged while becoming their trusted partner

We believe in~SIMPLIFYING~complex problems with a relentless focus on agile delivery excellence

Our mantra is “~Simple*Secure*Speed~” in the delivery of innovative services and solutions

Benefits

We are proud to offer competitive compensation and benefits packages to include:

• Medical
• Dental
• Vision
• Basic Life
• Long-Term Disability
• Health Saving Account
• 401K
• Three weeks of PTO
• 10 Paid Holidays
• Pre-Approved Online Training