Senior Cyber Intrusion Detection Analyst - 5th shift

				Overview:

GovCIO is currently hiring for Senior Cyber Intrusion Detection Analyst for 5th shift work (7am-7pm Saturday + Sunday, Friday 11pm to 7am and Tuesday 7am to 3pm) in the Washington, DC and will be a hybrid remote position.

Responsibilities:

* Respond to cyber incidents, including responding to SOC IR phone calls and SOC emails
* Act as a Subject Matter Expert in investigations for potential incidents identified by SOC Tier I & II analysts and Shift Lead
* Investigate phishing and self-identified potential cyber threats (phishing emails sent to the SOC)
* Work with SOC federal staff and Incident Handlers to analyze, triage, contain, and remediate security incidents
* Participate regularly in SOC Splunk engineer working group sessions, to include idea generation for new content rules for security alerting and reduction of false positives. Collaborate across the SOC organizational lines with Threat Hunt and Security Intelligence, while developing depth in your desired cyber discipline and/or technologies
* Follow Federal IRP, SOC SOPs and other prudent documentation procedures in order to work and be effective while having an eye towards process improvement/effectivity
* Knowledgeable on multiple technology and system types
* Able to articulate the incident response lifecycle
* Manages and responds to computer security incidents that involve enterprise systems and data including personally identifiable information (PII) breaches
* Detect, collect and report cybersecurity incidents
* Experience detecting and remediate malicious codes
* Helps improve the overall security posture by independently verifying the security of enterprise systems, and to ensure the timely dissemination of security information to the appropriate contractor and federal stakeholders
* Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, Anti-malware alerts, Host Intrusion Prevent System (HIPS), and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings
* Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents
* Support and help the Cyber Workforce Development Lead, go through tickets analyzing security annotations on documented incidents

Qualifications:

* Bachelor's with 8+ years of cybser security experience (or commensurate experience)
* 6+ years intrusion detection examination experience (or commensurate experience)
* 6 years of security intrusion detection examination experience involving a range of security technologies that produce logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; the ability to communicate clearly both orally and in writing. 
* Working experience with Splunk SIEM. 
* At least 3 years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments.
* Candidate must have one or more advanced certification, including but not limited to: CERT Certified Computer Security Incident Handler, CEH Certified Ethical Hacker, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals
* Clearance Required:Ability to maintain a Public Trust clearance
			

Apply

Share this job:

Share this Job

View company profile

GovCIO LLC

Connect To Our Company