Similar Jobs

View More

Cyber SOC Analyst, #2017-150 9/16/2017

Defense Point Security Greenbelt, MD

Company
Defense Point Security
Job Classification
Full Time
Company Ref #
MD0000734065
Location
Greenbelt, MD
Experience
Mid-Career (2 - 15 years)
Job Type
Regular
Education
Bachelors Degree
AJE Ref #
579541000

JOB DESCRIPTION

APPLY
Defense Point Security is currently seeking a Cyber SOC Analyst in Greenbelt, MD.

You must possess in-depth knowledge on network, endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure; acts as an incident "hunter," not waiting for escalated incidents; closely involved in developing, tuning and implementing threat detection analytics.

Job Responsibilities:

* Assist with the development of incident response plans, workflows, and SOPs

* Deploy and maintain security sensors and tools

* Monitor security sensors and review logs to identify intrusions

* Using a high-level scripting/programming language to extract, de-obfuscate, or otherwise manipulate malware related data

* Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods

* Work directly with cyber threat intelligence analysts to convert intelligence into useful detection

* Collaborate with incident response team to rapidly build detection rules as needed

* Identify incident root cause and take proactive mitigation steps

* Perform lessons learned activities

* Mentor junior analysts and run brown bag training sessions

* Review vulnerabilities and track resolution

* Review and process threat intel reports

* Develop and implement detection use cases

* Develop and implement IDS signatures

* Assist with incident response efforts

* Create and brief customer reports

* Participate in on-call rotation for after-hours security and/or engineering issues

* Perform customer security assessments

* Develop and run table top exercises

Job Qualifications:

* This position requires US Citizenship due to our Federal contractual obligation

* Tier 2: Bachelors Degree and 12 years of experience

* Tier 3: Masters Degree and 12 years of experience OR Bachelors Degree and 14 years of experience

* Fuse locally derived and externally sourced cyber threat intelligence into signatures, detection techniques, and analytics intended to detect and track the advanced threat

* Strong understanding of root causes of malware infections and proactive mitigation

* Strong understanding of lateral movement and footholds

* Strong understanding of data exfiltration techniques

* Demonstrated ability in critical thinking, problem solving, and analytics

* Have real world experience analyzing complex attacks and understand TTPs of threat actors

* Define relationships between seemingly unrelated events through deductive reasoning

* Experience in network/host based intrusion analysis, malware analysis, forensics, and cyber threat intel

* Knowledge of advanced threat actors and complex attacks

* Knowledge of Splunk

Preferred Qualifications:

* Expert knowledge of network routing and switching fundamentals to include knowledge of Multi-protocol Layer Switching (MPLS)

* Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures

* Knowledge of encryption, key management and cryptology

* Familiarity with the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines

* Experience with performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation

* Experience planning and implementing secure networking practices such as: application segmentation, network segmentation, NAC and other a.