Security Operations Analyst (MD, Baltimore) 9/2/2020
Koniag Technology Solutions, Inc.
JOB DESCRIPTION
Koniag Technology Solutions is immediately hiring a Security Operations Analyst to work at our customer site in Baltimore, MD. The work hours are Wednesday to Sunday 6AM to 2:30PM. This is a direct, full-time position with our company. This position is considered Essential/Mission Critical. Employees who are designated Essential/Mission Critical are expected to report to work on time and/or remain at work despite late reporting, early dismissal or closure due to weather conditions.
We offer a competitive compensation and benefits package including health, dental and vision insurance, 401K, flexible spending accounts, paid holidays, and a PTO program.
Must be able to obtain and maintain a client-sponsored HSPD-12 suitability determination.
The SOC is responsible for monitoring and enforcing compliance with documented and distributed Customer Security Standards. The SOC protects critical assets by anticipating and leading the response to potential computer-related threats and vulnerabilities. Several systems within the security architecture allow the SOC to identify threats proactively. Staffing dedicated to this effort provides the continuity needed for the customer to respond to more advanced threats and to adapt to network changes initiated by other Systems components. In addition, correlating events with data collected from other SOC initiatives supports a more complete analysis of the network's current exposure to threats.
* The contractor shall perform a preliminary analysis of collected data. The contractor shall investigate Open Source Threat Intelligence in accordance with established procedures.
* Upon identification of a possible threat, the contractor shall be required to communicate that threat to customer staff, as directed. In addition, the contractor shall communicate information to remediation technicians, and may be required to provide assistance with remediation after the technicians are consulted.
* The contractor shall also identify the need for new intrusion detection signatures and implement them.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
* The contractor shall monitor, analyze, and manage the health of the network security operations systems.
* The contractor shall respond to events by documenting and investigating alerts generated by these systems.
* Provide 24/7/365 monitoring and analysis of Security event alerts across the enterprise network.
* The contractor shall monitor agency systems and daily log events to identify potential security threats. Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.
* The contractor shall utilize email, instant messaging, and other monitoring tools to remain aware of current threats SSA networks face daily.
* The contractor shall review all incoming alerts, properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.
* The contractor shall open a ticket for every potential security threat encountered and investigated throughout the course of their shift.
* The contractor shall analyze all levels of potential security threats and document findings within the agency incident response ticketing platform
* The contractor shall validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with previously established Standard Operating Procedures, which will be provided at the start of this subtask.
* The contractor shall identify, investigate, and escalate potential security threats in accordance with established Standard Operating Procedures.
* The contractor shall utilize agency Security Event Manager software to measure and model traffic, identifying traffic patterns and the ports in use.
* The contractor shall manage the resolution of computer security events that affect the customer's information systems through the SOC-provided incident response ticketing system.
* The contractor shall monitor daily log data gathered from various resources, such as sensor alert logs, firewall logs, content filtering logs, and Security Event Manager for suspected security threats.
* The contractor shall monitor and investigate possible intrusion attempts or other anomalies, documenting their activities in the agency incident response ticketing platform.
* Investigate and positively identify anomalous events that are detected by security devices or reported to the SOC from external entities, Components, system administrators, and the user community via security monitoring platform and tools, incoming phone calls, emails, and workflow ticketing and assignment tools.
* Analyze suspicious web or email files for malicious code discovered through enterprise log monitoring and any other available sources.
* The contractor shall filter non-threatening network traffic for enhanced reporting accuracy.
* The contractor shall document problem-resolution progress from initial reporting to resolution within the agency incident response ticketing platform.
* The contractor shall make determinations of the operational impact that a particular threat has on systems, in accordance with the US-CERT Federal Incident Notification Guidelines and agency-established standard operating procedures.
* The contractor shall follow the escalation procedure SOP to make a recommendation for immediate corrective actions to higher-level technicians.
* The contractor shall assist with remediation, if requested. Assistance may include, but is not limited to, gathering additional log data, contacting users, or testing remediation processes.
* The contractor shall respond to new threats and may be required to initiate and assist in drafting remediation strategies.
* The contractor shall provide ongoing monitoring of intrusion detection systems and newly developed exploits for Windows and UNIX systems.
* The contractor shall identify newly discovered vulnerabilities and exploits. Develop, implement and disseminate new intrusion detection signatures as directed by the task manager, creating custom signatures when needed.
* Continuously tune provided Security Information and Event Management (SIEM) System, through rule creation and engineering to reduce false positives and discover previously unknown threats
* The contractor shall monitor Open Source intelligence threat feeds, responding to anomalies and creating a ticket in the agency incident response ticketing platform for any identified PII leak.
* Classify events based on the most current US-CERT Impact Classification guidelines.
* Provide 24/7/365 monitoring of the SOC spam mailbox(es) for suspicious messages.
* Process suspicious emails within dedicated software, according to documented organizational procedures.
* The contractor shall use agency software to monitor the complete resolution or referral of all network security issues within the timelines established in SOC SOPs.
* The contractor shall maintain awareness of Open Source intelligence threats, identifying risks to agency personnel exposed in publicly reported breaches, and documenting those breaches in the agency incident response ticketing platform.
* The contractor shall conduct threat intelligence research of open sources in order to identify previously unknown Indicators of Compromise.
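The monitoring, tuning and ticketing duties listed above are stated only as responsibilities. As an added illustration (not code from Koniag, the customer agency, or any product named on this page), the following Python script runs a small set of detection rules over constructed sensor/firewall log lines, applies an allowlist entry of the kind an analyst adds when tuning away a known false positive, and groups the remaining events into one ticket per source and signature. The key=value log format, IP addresses, signature names, rule set and allowlist are all made up for the example.

```python
"""Added example for this page: rule-based triage of constructed log lines with
allowlist tuning and one-ticket-per-threat grouping. Illustrative only; not the
agency's SIEM, ticketing platform or SOP logic. All data below is constructed."""
import re
from collections import OrderedDict
from ipaddress import ip_address, ip_network

# Constructed sample events in a simple key=value format (not a real product's format).
SAMPLE_LOGS = [
    "ts=2020-09-02T06:05:11Z src=10.10.5.23 dst=198.51.100.7 dport=445 action=deny sig=smb-scan",
    "ts=2020-09-02T06:05:12Z src=10.10.5.23 dst=198.51.100.8 dport=445 action=deny sig=smb-scan",
    "ts=2020-09-02T06:07:40Z src=10.10.9.4 dst=203.0.113.50 dport=443 action=allow sig=tls-handshake",
    "ts=2020-09-02T06:09:02Z src=10.20.0.250 dst=10.10.9.4 dport=22 action=allow sig=ssh-bruteforce",
    "ts=2020-09-02T06:12:55Z src=10.10.7.31 dst=192.0.2.66 dport=4444 action=allow sig=meterpreter-beacon",
]

# Detection rules keyed by sensor signature name (hypothetical names and severities).
RULES = {
    "smb-scan": {"severity": "medium", "description": "Outbound SMB probing of multiple hosts"},
    "ssh-bruteforce": {"severity": "medium", "description": "Repeated SSH logon failures"},
    "meterpreter-beacon": {"severity": "high", "description": "Known C2 beacon pattern"},
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Tuning entries an analyst would add after confirming a recurring false positive:
# (source network, signature, documented reason). The scanner address is made up.
ALLOWLIST = [
    (ip_network("10.20.0.250/32"), "ssh-bruteforce", "authorized vulnerability scanner"),
]

LINE_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one key=value log line into a dict."""
    return dict(LINE_RE.findall(line))


def is_allowlisted(event):
    """True when the event's source and signature match a documented tuning entry."""
    src = ip_address(event["src"])
    return any(src in net and event.get("sig") == sig for net, sig, _reason in ALLOWLIST)


def triage(lines, rules=RULES):
    """Return (tickets, suppressed): one ticket per (source, signature) pair that
    matched a rule and was not allowlisted, plus the events suppressed by tuning."""
    tickets = OrderedDict()
    suppressed = []
    for line in lines:
        ev = parse_event(line)
        sig = ev.get("sig")
        if sig not in rules:
            continue  # informational signature: no rule, so no ticket
        if is_allowlisted(ev):
            suppressed.append(ev)
            continue
        key = (ev["src"], sig)
        if key not in tickets:
            tickets[key] = {
                "id": "SOC-%04d" % (len(tickets) + 1),  # hypothetical ticket numbering
                "src": ev["src"],
                "signature": sig,
                "severity": rules[sig]["severity"],
                "description": rules[sig]["description"],
                "first_seen": ev["ts"],
                "last_seen": ev["ts"],
                "targets": set(),
                "events": [],
            }
        t = tickets[key]
        t["last_seen"] = ev["ts"]
        t["targets"].add(ev["dst"])
        t["events"].append(line)  # raw lines kept as evidence for the ticket
    ordered = sorted(tickets.values(), key=lambda t: SEVERITY_ORDER[t["severity"]])
    return ordered, suppressed


if __name__ == "__main__":
    opened, dropped = triage(SAMPLE_LOGS)
    for t in opened:
        print(t["id"], t["severity"], t["src"], t["signature"],
              "events=%d targets=%d" % (len(t["events"]), len(t["targets"])))
    print("suppressed by tuning:", len(dropped))
```

Grouping by source and signature is what keeps a port sweep from opening one ticket per destination while still recording every destination as evidence; the allowlist entry carries a written reason so the tuning decision itself can be audited later.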
It is critical that contractors have strong oral presentation skills and the ability to communicate clearly in English over the telephone.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.