Network Security Analyst-188 8/8/2016
JOB DESCRIPTION
Strategic Enterprise Solutions, Inc. (SE Solutions) is a proven, results-focused management and information technology services firm committed to supporting federal agencies that focus on protecting and defending our nation's homeland security, intelligence, and stability. In a rapidly changing threat landscape, we have the organizational agility, deep homeland security experience, cultural insight and multidisciplinary expertise to help our customers accomplish today's mission and anticipate tomorrow's demands, efficiently and cost-effectively.
SE Solutions provides IT security professionals to support federal agencies in the development and application of comprehensive cybersecurity solutions, including risk management, incident response, continuous monitoring, ongoing authorization, security architecture and engineering, and penetration testing. SE Solutions is currently looking for experienced Network Security Analysts to support our Homeland Security network security operations center (SOC) engagements. Responsibilities include, but are not limited to, the following:
* Security Analysts shall act as a member of a team that provides support to monitor and analyze security events and alerts reported by the SIEM on a 24x7 basis to identify and investigate suspicious or malicious activity, or other events which violate DHS policy.
* Personnel shall be familiar with analyzing security logs and events from the following types of devices: firewalls, NIDS, HIDS, proxy/web filters, vulnerability scanners, routers, router IP accounting systems (e.g., Cisco NetFlow), Virtual Private Network (VPN) gateways/concentrators, server event logs, e-mail and host anti-virus, desktop security monitoring agents, anti-virus servers, and Internet Protocol services (e.g., DNS, DHCP).
* Personnel shall open a case in the SOC ticket management system for all security investigations performed, or security incidents handled, as part of this service.
* Security Analysts shall collect and maintain information pertinent to security investigations and incidents in a form which can support current and/or future analysis, situational awareness, and law enforcement investigation efforts.
* Personnel shall be able to engage and coordinate incident remediation procedures with the appropriate IT infrastructure operations and management (IO&M) teams (e.g., the IT Infrastructure Provider Operations Team, IR Team, Engineering and Architecture Team) and to request additional information from them as required while determining, confirming, and validating a security event. Analysts shall maintain all email and any other record of correspondence associated with security events and incident investigations within the SOC ticket management system to serve as an audit trail.
* Personnel shall be able to identify and perform initial triage of security feed outages and support their remediation by the appropriate IT IO&M team.
* Personnel shall act as a member of the team that provides 24x7 monitoring and analysis of available sources of threat data (e.g., open source, US-CERT, DHS, FOUO indicators from HSDN, trusted third parties, social media) to assess the potential risks they may present to the infrastructure.
* B.A. or B.S. in Information Technology or a related field; or have equivalent and direct experience working in a network security operations center environment performing security event monitoring and event analysis.
* Security+, GSEC or equivalent certification is desired.
MINIMUM YEARS OF RELEVANT EXPERIENCE
* Hands-on experience with working in a network security operations center environment performing security event monitoring and analysis
* 3 years of experience relevant to network security monitoring.
* Must possess strong organizational and analytical skills and attention to detail
* Must have the ability and prior experience to analyze information technology security events and discern events that qualify as legitimate security incidents from non-incidents. This includes the identification of malicious code present within a computer system as well as the identification of malicious activity within a computer system and/or enterprise network.
* Must have experience working with a ticket management system to collect, document and maintain information pertinent to security investigations and incidents
* Must possess excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings
* Must possess experience in monitoring the operational status of monitoring components and escalating and reporting outages of the components
* Must possess a working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks. A conceptual understanding of Windows Active Directory is also required.
* Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)
* Must have experience working with various event logging systems and must be proficient in security event log analysis. Previous experience with Security Information and Event Management (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also required.
* Must have experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
* Must possess experience in collecting and maintaining information pertinent to security investigations and incidents in a format that supports analysis, situational awareness reporting, and law enforcement investigation efforts
* Active Secret clearance
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.