SOC Analyst
KeenLogic (Merrifield, VA)
KeenLogic is seeking to hire an Information Security Operations Analyst (SOC Analyst) to join our team at the Drug Enforcement Administration. The Information Security Analyst is responsible for designing and implementing solutions that protect the confidentiality, integrity, and availability of sensitive information.
This is a full-time position offering Fortune 500-level health/dental/vision, PTO, 401k, and life insurance. This is an onsite position based in Merrifield, VA.
About the Role:
This is a Security Operations Center position. It focuses primarily on cybersecurity incident detection and response. Other primary areas of focus are zero-day events, using cybersecurity tools to investigate and analyze events, and applying the seven steps of the Incident Response process.
All of the duties listed support one or more of the following cybersecurity-related functions: information security, Security Assessment & Authorization (SA&A), incident response, cybersecurity, insider threat, computer forensics, vulnerability assessment and management, network data capture, intrusion detection, log management, auditing, security information and event management (SIEM), and penetration testing.
Personnel assigned to this role will serve primarily on the Operations & Response (O&R) Team. This role may also support the Vulnerability Assessment and Penetration Test (VAPT) and Engineering teams. This position is also responsible for coordinating with both the Cybersecurity Services Section and other sections or divisions within the client’s organization. These may include, but are not limited to, IT Operations, Engineering & Integration, Software Operations, and the Office of Investigative Technology.
Required Qualifications:
+ MUST BE A U.S. CITIZEN WITH AN ACTIVE SECRET CLEARANCE OR TOP SECRET CLEARANCE
+ Must be eligible for a Top-Secret clearance, if requested
+ Bachelor’s degree from an accredited college or university in one or more of the following disciplines or equivalent (documented formal training): computer science, information systems, engineering, business, physical science, or other technology-related discipline
Education Substitution:
Any combination of certificates such as Microsoft's MCSE or Cisco's CCNA, CCDA, or CCNP may be considered equivalent to two (2) years of general experience/information technology experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II, or III may be considered equivalent to two (2) years of information security experience.
+ 3+ years of documented work experience performing any combination of Information System Security, Security Assessment & Authorization, Cybersecurity, Computer Forensics, or Insider Threat
Preferred Qualifications:
+ CompTIA CySA+ cybersecurity analyst certification
+ Cybersecurity Incident Response and Detection experience
+ Experience in cybersecurity event triaging using the seven steps of the Incident Response Process (IRP)
+ Security Operation Center (SOC) experience
+ Experience conducting cyber event investigations to determine the root cause of an event and whether it is a true or false positive
+ Experience creating rules, thresholds, and policies on cybersecurity tool platforms to detect and block activity matching Indicators of Compromise/Attack (IOCs/IOAs)
+ Experience with verification and validation of information, and with containment, eradication, and recovery from incidents
+ Experience validating file hashes, malicious IPs, and URLs
+ Experience investigating malicious emails and payloads
+ Experience in requirements analysis, program development, architecture, engineering, integration, and/or deployment of IT products in an enterprise environment
+ Ability to create and monitor multiple cybersecurity tool dashboards
+ Experience in Open-Source Intelligence gathering
+ Experience with Threat Hunting and Vulnerability Assessment
+ Knowledge of SIEM tools and query generation
Duties:
+ Performs network security monitoring and incident response for a large organization
+ Coordinates with other government agencies to record and report incidents
+ Maintains records of security monitoring and incident response activities using case management and ticketing technologies
+ Monitors Security Information and Event Management (SIEM) systems to identify issues for remediation
+ Recognizes potential, successful, and unsuccessful intrusion attempts through detailed analysis of event logs
+ Communicates alerts to agencies regarding intrusions or compromises to network infrastructure, applications, and OS
+ Assists with implementation of countermeasures or mitigating controls
+ Supports efforts to consolidate and analyze threat data from classified, proprietary, and open-source sources
+ Supports Team Lead in developing SOP updates
+ Monitors and reviews logs from security tools and creates new detection signatures to improve coverage
+ Performs all aspects of intrusion detection, log and audit management, vulnerability assessment, compliance management, and security configuration
+ Installs, configures, troubleshoots, and maintains server hardware/software to ensure CIA (confidentiality, integrity, availability)
+ Manages accounts, security devices, and patches; responsible for access control/passwords/account administration
+ Analyzes collected information to identify vulnerabilities and exploitation risks
+ Provides support in the development of countermeasures
+ Identifies network and OS vulnerabilities and recommends mitigation strategies
+ Supports deployment and integration of security tools
+ Prepares written reports and delivers verbal information security briefings
+ Investigates, monitors, analyzes, and reports on security incidents
+ Responds to crisis/urgent security situations
+ Applies mitigation, preparedness, response, and recovery measures to maximize cybersecurity
+ Provides incident handling support across detection, analysis, coordination, and remediation
+ Monitors networks to identify and remediate unauthorized activity
+ Monitors intrusion detection sensors and log collection hardware/software
+ Monitors all systems for maximum performance and availability
+ Analyzes computer security threats from diverse sources and agencies