Tier II Security Operations Center Analyst

This job is no longer active.

POST DATE 9/19/2016
END DATE 10/15/2016

CGI
Huntsville, AL
Job Classification: Full Time
Mid-Career (2 - 15 years)


Job Description:

Position Description

CGI Federal is seeking a Security Operations Center Security Specialist to support our Security Operations Center (SOC) team based out of Huntsville, Alabama. A Security Specialist needs broad technical expertise, security experience, and business understanding. The duties and responsibilities of the SOC Security Specialist include many aspects of leadership and security knowledge. Security Specialists stay abreast of security trends to provide actionable recommendations, implement those recommendations, and disseminate the information, as needed, to peers and leadership. Examining trends in daily operations and event data to identify emerging security threats allows the Specialist to pinpoint areas requiring improvement, such as staffing, training, processes, policies, or technologies. Security Specialists also research and apply techniques to centralize processes, automate repetitive tasks, and raise the team's productivity; this includes developing focused reporting and briefings on cyber threats. The Security Specialist has overall responsibility for providing training, knowledge, guidance, and direction for security awareness mitigations under the team's operational scope. Security Specialists need an up-to-date understanding of outstanding security issues, detection capabilities, mitigation procedures, tools, and monitoring objectives within the SOC's area of responsibility. For incident response, Security Specialists are responsible for ensuring the proper completion of all incident response activities, primarily for high-priority, critical, and corporate-visibility incidents. Security Specialists ensure the necessary documentation and reports are generated and that proper guidance is provided so SOC members meet SLA and deliverable requirements.

Security Specialists need to provide a defined structure to prioritize and escalate issues and to establish proactive, rather than reactive, methods within the security team.

Your future duties and responsibilities

- Understand and maintain appropriate knowledge of the security technologies in use (AV, FIM, HIPS, NIPS, SIEM, WAF/DAM, DLP; that is, antivirus, file integrity monitoring, host and network intrusion prevention, security information and event management, web application firewall and database activity monitoring, and data loss prevention), the security procedures, and the services within the SOC, and ensure all tools are functioning properly.
- Produce post-incident reports according to standard operating procedures, including identifying what was done right and wrong and which tools helped or hindered the investigation; discuss with the responsible parties what could have been done better.
- Design, or participate in implementing, technical solutions and processes in compliance with security standards and operational feasibility.
- Assist in developing and maturing the future services and capabilities of the SOC, such as forensics, threat management, penetration assessments, tool management, and more.
- Ensure that all procedures and operations are carried out by the responsible parties.
- Perform incident triage, including determining scope, urgency, and potential impact.
- Assist analysts in monitoring network traffic and security alerts for potential events and incidents, as well as in trending and historical analysis; ensure all incident reports are complete and written to standard operations, and that ticket audits and reviews are completed.
- Provide support to security operations teams on escalated incidents, including troubleshooting, analysis, and resolution; act as the security representative for SDMs on high-priority incidents.
- Provide oversight of incident handling to ensure all mitigation steps are carried out.
- Ensure the transfer of knowledge between analyst shifts and leadership so that all updates, assignments, training, and SOC procedures are understood.
- Act as an escalation point for event analysis and incident handling; control and manage critical incidents to ensure all standard operations take place.
- Develop focused reporting and briefings on advanced cyber threats.
- Ensure event analysis and incident reports are documented, with quality control applied to ensure accuracy.
- Provide the training, time, guidance, direction, and administrative action needed to ensure team responsibilities are completed at the highest possible quality.
- Document and maintain a knowledge base of the alarms that the IDS and IPS encounter (false positives and false negatives, blacklists, whitelists).
- Serve as the work-area expert for security/information assurance policy recommendations.
- Gather threat intelligence from sources outside the SOC (both internal and external) and apply it to operations.

Required qualifications to be successful in this role

Education or Experience: Minimum of four (4) years of direct experience as a Security Analyst or in a SOC role within the last eight years, and demonstrated ability to carry out the functions of the job, or any combination of education and experience that would provide an equivalent background.

Required:
- Experience and extensive knowledge of a SIEM, event analysis, and information gathering
- Experience leading security incident handling procedures using the SANS methodology (preparation, identification, containment, eradication, recovery, lessons learned)
- Ability and experience in writing clear and concise technical documentation, specifically event analysis and incident handling documentation
- Experience with intrusion detection or prevention systems
- Experience with the TCP/IP stack, DNS, BGP, and metadata
- Knowledge of TCP/IP, computer networking, routing, and switching
- Experience with Linux/UNIX and Windows based devices at the system administrator level
- Team player with excellent communication skills and good time management
- Organizational skills and the ability to work autonomously with attention to processes
- Ability to speak and communicate effectively with peers, management, and clients
- Ability to speak and write fluently

Desirable:
- SIEM experience with Splunk
- Forensics
- Content management and development for security technologies (AV, FIM, HIPS, NIPS, SIEM, WAF/DAM)
- Security+, Network+, CISSP, CEH, GCIA, GCIH, CISM, Splunk training
- Knowledge and experience of security practices within an MSS (managed security services) environment
- US Federal Government security clearance (Public Trust), or the ability to become cleared
- Experience in training and mentoring colleagues

Due to the government contract, the position requires candidates to be US citizens with the ability to obtain a security clearance.

At CGI, we're a team of builders. We call our employees members because all who join CGI are building their own company, one that has grown to 65,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability, and dedicated professionals needed to achieve results for our clients and for our members. Come grow with us. Learn more at www.cgi.com.

This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.

We wish to thank all applicants for their interest and effort in applying for this position; however, only candidates selected for interviews will be contacted. No unsolicited agency referrals, please.

All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary depending upon the specific assignment, or upon any US government security clearance if required. Qualified applicants will receive consideration for employment without regard to