Request ID:IN-8462-1 (914091107)
Security Analyst (CEH/CHFI/CCNA) with networking, Java/Python/PowerShell, IDS/IPS, HIDS/EPO, Palo Alto, VmWare, QRadar, Pcap, IBM Resilient, STIG Hardening, Pub1075, Hybrid Cloud and Hyperconverged Infrastructure experience
Location:Columbia SC
Duration:12+ Months
Required Skills (rank in order of Importance):
-A sound knowledge of IT security procedures, common attack types and detection / prevention methods.
-Demonstrable experience of analyzing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviors
-Good understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP)
-In depth experience of other common devices, such as routers, switches, hubs
-Investigate problems escalated from Tier I.
-Refine existing Use Cases/Playbooks, creating new Use Cases/Playbooks,
-Refine and Create workflows in Incident Management Tools
-Organizational Skills
-Verbal Communication Skills
-Written Communication Skills
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
-Java, Python, PowerShell
-Understanding of technical and security domains fundamental to Investigation and Incident Response.
-Experience in setting up, improving a SOC or experience implementing SOC reporting and governance
-Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO.
-Experience with Palo Alto, Active Directory, VmWare, QRadar, PCap, Putty,
-Experience with SOC automation and workflow products such as IBM Resilient
-STIG Hardening
-Experience in projects involving Pub1075 regulations, implementations and / or audits
-Hybrid Cloud Architecture
-Hyperconverged Infrastructure
REQUIRED EDUCATION/CERTIFICATIONS:
•A Bachelor’s degree in information technology systems, computer science, or related field and two (2) years of experience in information technology systems or related area, an Associate’s degree in information technology systems, computer science, or related field and four (4) years of experience in information technology systems or related area, or a High School diploma and six (6) years of experience in information technology systems or related area.
PREFERRED EDUCATION/CERTIFICATIONS:
Preferred Industry Certifications in field.
-GCIH, GCTI, GCCC, GCWN, GSEC, CEH, GCIA, GCFA, GCFE, GREM, CCIM, CFCE, CCE, CIFI, CHFI, CCNA, CCNA Cyber Ops
-IBM Certified Associate Analyst – Security QRadar SIEM
SCOPE OF THE PROJECT:
This specific Statement of Work is for a Cyber SOC Lead Analyst to prevent, detect, investigate, and assist in directing remediation to cyber-attacks and threats against organization enterprise applications, networks, and services by investigating indicators of suspicious and malicious activity, and proactively discovering threats to organization. Individual must have 3 – 7 years’ experience as part of or ideally leading a CSIRT, CERT, SOC or Investigations team, including extensive SIEM experience.
This position requires previous security operational center experience – monitoring, investigating, alerting, and reporting security threats. It also requires previous experience in developing SOPs and documentation to help implement ITIL best practices and the NIST 800-53 framework.
Candidate will be required to explain previous experience in the following:
-Oversight and development of Use Cases, Playbooks/Runbooks, SOP.
-Network vulnerability and compliance scanning
– Review and interpretation of the results thereof
-Determination of severity and urgency when evaluating risk
-Working with system owners to determine if and when corrective action will be taken.
You will have a technical lead role, supporting the SOC I Analysts to find the threat actors attempting to attack SCDOR infrastructure. You will need to be a technical and professional leader, someone who enjoys training and mentoring teammates, and a person who can encourage and elevate the team.
DAILY DUTIES / RESPONSIBILITIES:
The Cyber SOC Lead Analyst will ensure the effective operations of the SOC through the following:
Technical
-Proactively search for active intrusions in the SCDOR environment, recognizing potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
-Work closely with escalation points to close out complex investigation
-Conducting holistic, investigative analysis and rating the risk associated with observed activity
-Review investigation escalations from SOC Analysts to ensure accurate analysis and provide advice/mentorship
-Refine and develop dashboards, queries and reports to continuously improve security situational awareness
-Maintain SOC documentation, procedures, processes and hardware and software inventory detail
-Demonstrate a sound understanding of security technologies and their function within a networked environment
-Adhere to corporate information security guidelines and promote information security among coworkers
-Develop reports (manual and automated) to support the development, collection, and reporting of Quality Assurance and Performance metrics.
-Performs other duties and special projects as assigned.
Non-Technical
-To demonstrate highly technical thinking and knowledge, inspire confidence and credibility within a team
-Time management on multiple investigations, prioritizing
-Appetite to develop an understanding of most investigations, cyber threats and computer forensics.
-Taking control of high pressure situations and the attention to detail to precisely find the source
-A good team ethos and drive and be a self-starter.
-The ability to work unsupervised and under pressure
-Excellent verbal and written communication skills
-Provide feedback to team regarding product issues, enhancements and new features.
-Ability to ask pertinent questions of others.
-Proactively seek to identify, communicate and implement process related improvements.
-Effectively manage multiple tasks and activities concurrently and able to provide periodic status updates to key stakeholders
-Collaborate extensively with peers and management to resolve client issues while actively contributing to a growing knowledge network that improves the effectiveness of our team and the information available to our clients.
-Prioritize numerous issues of varying severity, and effectively manage the resolution of all issues within accepted service levels. This includes ownership of the data entered into the Helpdesk system and appropriately updating both client and appropriate employees of status of all issues on a timely basis.
-Good customer skills, be attentive to detail, and responsive to customer tickets
-Performs other duties and special projects as assigned.
Experience
AdministrativeOrganizational SkillsYes8AdvancedCurrently Using4 – 6 Years
Cloudcloud platforms / environmentsNo9IntermediateWithin 6 Months1 – 2 Years
Documentation/LanguageDevelopment of Structured Written MaterialsYes9AdvancedCurrently Using4 – 6 Years
MiscellaneousAbility to deal effectively with the needs of technical peers, technical and user management, users, vendors, and staff members, and to communicate clearly and effectively in spoken and written formYes9AdvancedCurrently Using4 – 6 Years
Network SecuritySecurity Information Event Management (SIEM) systems development / configurationYes2LeadCurrently Using4 – 6 Years
Network SecurityExperience in projects involving PCI/NIST security implementations and/or audits.No8IntermediateWithin 2 Years1 – 2 Years
Network SecurityIRS Safeguard Computer Security Evaluation Matrix (SCSEM)No8IntermediateWithin 2 Years1 – 2 Years
Networking & DirectoriesNetwork securityYes1LeadCurrently Using4 – 6 Years
Operating Systems/APIsPowerShellNo1AdvancedCurrently Using2 – 4 Years
Programming LanguagesJavaNo1AdvancedWithin 6 Months2 – 4 Years
Programming LanguagesPythonNo1AdvancedCurrently Using2 – 4 Years
ProtocolsKnowledge of networking protocols, including TCP/IP, HTTP, NTP, DNS, MLLP, NDMYes3LeadCurrently Using4 – 6 Years
SpecialtiesITIL Incident and problem management processesYes7LeadCurrently Using4 – 6 Years
SpecialtiesSwitchesYes4ExpertCurrently Using4 – 6 Years