Security Operations Analyst (NC, Durham) 6/5/2020
Koniag Technology Solutions, Inc.
Job Description
Koniag Technology Solutions is immediately hiring a Security Operations Analyst to work at our customer site in Durham, NC. This is a direct, full-time position with our company. The shift is Wed to Sun, 10PM to 6:30AM.
This position is considered Essential/Mission Critical. Employees who are designated Essential/Mission Critical are expected to report to work on time and/or remain at work despite late reporting, early dismissal or closure due to weather conditions.
We offer a competitive compensation and benefits package including health, dental and vision insurance, 401K, flexible spending accounts, paid holidays, and a PTO program.
The Security Operations Center (SOC) is responsible for monitoring and enforcing compliance with documented and distributed system security standards. The SOC protects the client's critical assets by anticipating and leading the response to potential computer-related threats and vulnerabilities. Several systems within the security architecture give the SOC the ability to identify threats proactively. Staffing dedicated to this effort provides the continuity necessary for the client to respond to more advanced threats and to adapt to network changes initiated by other Systems components. In addition, correlating events with data collected from other SOC initiatives supports a more complete analysis of current network stability against threats.
The objective is to ensure the client has suitable personnel and processes in place to properly identify, investigate, and remediate inappropriate and suspicious network behavior within the Enterprise Network. This activity is performed in near real time to mitigate common, new, and unknown threats to the client's Information System Network.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
* The contractor shall monitor, analyze, and manage the health of the network security operations systems. The contractor shall respond to events by documenting and investigating alerts generated by these systems.
* Provide 24/7/365 monitoring and analysis of Security event alerts across the enterprise network.
* The contractor shall monitor agency systems and daily log events to identify potential security threats. Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.
* The contractor shall utilize email, instant messaging, and other monitoring tools to remain aware of current network threats.
* The contractor shall review all incoming alerts, properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.
* The contractor shall open a ticket for every potential security threat encountered and investigated throughout the course of their shift.
* The contractor shall analyze all levels of potential security threats and document findings within the agency incident response ticketing platform.
* The contractor shall validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with previously established Standard Operating Procedures, which will be provided at the start of this subtask.
* The contractor shall identify, investigate, and escalate potential security threats to senior technicians residing in the Threat Remediation and Vulnerabilities Branch in accordance with established Standard Operating Procedures.
* The contractor shall utilize agency Security Event Manager Software to measure and model traffic, while identifying patterns and ports.
* The contractor shall manage the resolution of computer security events that affect the client's information systems, through the use of the SOC-provided incident response ticketing system.
* Use the incident response-ticketing platform to determine and document problem status, resolution, and prevention measures.
* The contractor shall produce ad-hoc reports as directed by the task manager.
* Provide written reports to the SOC Manager detailing all security events related to network security matters and submit these reports according to the procedures and reporting requirements established in the SOPs and guidelines.
* The contractor shall prepare monthly reports for insertion into the US-CERT Report.
* The contractor shall prepare a monthly report on the status and progress of all current open security incident tickets and ad-hoc assignments.
* The contractor shall perform a preliminary analysis of collected data.
* The contractor shall investigate Open Source Threat Intelligence in accordance with established procedures.
* The contractor shall communicate information to remediation technicians within the Threat Vulnerabilities and Remediation Branch, and may be required to provide assistance with remediation after the technicians are consulted.
* The contractor shall also identify the necessity for, and implement, the creation of new intrusion detection signatures.
Requirements and Education:
* The contractor shall possess a working knowledge of Security Operations and the role such systems play in detecting intrusion attempts.
* The contractor shall have experience creating custom intrusion signatures to detect specific network traffic anomalies. This requires comprehension of, and experience with, most viruses and worms, which may infiltrate and propagate throughout a large network.
* The contractor must have experience in populating sensors with newly available signatures when responding to events or management requests.
* The contractor shall provide potential security threat reporting and tracking by means of the Change Asset Problem Reporting System (CAPRS) and other Incident Response specific support systems, as directed by the task manager. Client will provide training, limited to Agency specific software, processes, and procedures.
* The contractor shall have strong oral presentation skills and the ability to articulate English in a clear and concise manner.
The following security certification is required prior to assignment on this task:
CompTIA Security+. Proof of certification is to be printed and provided to the COR and task manager prior to assignment.
Additional education considered includes a bachelor's or master's degree in computer science, cybersecurity, or information technology, or advanced certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP).
Work Experience, Knowledge, Skills & Abilities:
* Preferably 3-4 years of experience in application-related system administration and/or a related field.
* High School Diploma and/or related advanced training and certifications in computer operations or related field. BS/BA degree preferred.
* Must be able to obtain a client sponsored Public Trust level of adjudication.
* Contractors may be required to report for duty during periods of inclement weather and other emergency situations. If a contractor is required to report for duty, the COTR, or an assigned alternate, will personally notify the contractor's Program Manager, or an assigned alternate. This could include being asked to report to an alternate location.
Working Environment & Conditions
This position is primarily indoors, consistent with a standard office position and has a noise level of mostly low to moderate. The incumbent is required to stand; walk; sit; use hands to manipulate, handle, or feel objects, tools, or controls; reach with hands and arms; talk and hear.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.