
SOC Security Analyst

Colorado Springs, CO 80903
  • Job Code: R112534

Job Description Summary

This exciting position fills a critical role within our Security Operations Center (SOC). Work with a team of dedicated professionals on an operations floor designed by security professionals, for security professionals. Providing mission assurance through network defense, our team protects an enterprise network across the globe. The Security Operations group works hand in hand as a trusted partner with our Information Technology Department, Project teams, and our Business Development groups. The work location for this position is in Colorado Springs, CO.

Responsibilities:

The Senior Cyber Security Specialist (RESPOND) performs in-depth computer security investigations and the required actions for each phase of the documented incident response lifecycle. This position requires knowledge and experience in areas including security threats and tools, attack methodologies, operating systems, networking, and incident response (containment, eradication, and recovery of affected assets). The specialist determines and pursues the course of action necessary to obtain the desired result and recommends and makes changes to departmental policies and procedures. The focus for the Senior Cyber Security Specialist is the corporate network, but the role may also contribute to the cyber security of classified environments. The incumbent should have experience with, and the ability to write, policy, standard, and procedure documents.

SPECIFIC RESPONSIBILITIES:

  • Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats.
  • Uses mitigation, preparedness, response, and recovery approaches to maximize preservation of data, property, and information security; investigates and analyzes all relevant response activities.
  • Assists with incident detection triage, takes over incidents from the DETECT team, and completes all required actions.
  • Works with IT and other units as needed to remediate incidents, establishes the five Ws (who, what, when, where, why), and ensures each incident has been rectified and documented appropriately.
  • Participates in the data spill process, working with external groups as required to ensure cleanup and mitigation are accomplished within the timeframes set out by the government.
  • Produces status updates on all open incidents.
  • Produces post-mortems for all closed incidents.
  • Remotely accesses machines to remove unauthorized software and eradicate malware.
  • Correlates incident data to identify specific risks and makes recommendations to the PROTECT team to enable expeditious remediation.
  • Monitors external data sources (e.g., vendor sites, Computer Emergency Response Teams, SANS, SecurityFocus) to maintain knowledge of the threat condition and determine which security issues may have an impact on the enterprise.
  • Analyzes log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and Intrusion Detection System [IDS] logs) to identify possible threats to network security.
  • Performs command and control functions in response to incidents.
  • Performs incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
  • Performs initial, forensically sound collection of images and inspects them to discern possible mitigation/remediation on enterprise systems.
  • Performs real-time incident handling tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support the deployable Incident Response Process.
  • Tracks and documents incidents from initial detection through final resolution.
  • Writes and publishes guidance and reports on incident findings to leadership.
  • Collects intrusion artifacts (e.g., source code, malware, and trojans) and uses the discovered data to enable mitigation of potential incidents within the enterprise.
  • Serves as technical expert and liaison to law enforcement personnel and explains incident details as required.

PREFERRED EDUCATION/EXPERIENCE:

  • A Bachelor's Degree in computer engineering, computer science, or another closely-related IT discipline.
  • At least 5 years' direct experience performing hands-on network monitoring and intrusion detection in an enterprise environment, preferably in a Security Operations Center or Computer Emergency Response Team (CERT)
  • Familiarity with CJCSM 6510.01B and related workforce structure (PROTECT, DETECT, RESPOND, and SUSTAIN)
  • Familiarity with organization and operations of a SOC environment

CERTIFICATIONS:

  • One of the following certifications is required: Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Penetration Tester (GPEN), or Offensive Security Certified Professional (OSCP).

SKILLS/COMPETENCIES:

  • Good interpersonal, organizational, writing, communications and briefing skills.
  • Strong analytical and problem-solving skills.
  • In-depth knowledge of TCP/IP networking and network protocols.
  • Experience with real-time network monitoring using a Security Information and Event Management (SIEM) system.
  • Experience with raw packet analysis (PCAP).
  • Broad knowledge of security appliances (Intrusion Detection System, Intrusion Prevention System, firewalls, proxies, etc.), including how the devices work and their limitations.
  • Experience using a broad variety of network defense/monitoring tools in an analyst role.
  • Experience analyzing and correlating information from multiple sources to determine the source and nature of an event.
  • Experience with event escalation.
  • Basic understanding of scripting languages and syntax.
  • Knowledge of computer intrusion methodology and of intrusion analysis/investigation methodology.
  • Experience creating reports from large amounts of data.

Posted: 2020-09-10 Expires: 2020-10-11

Parsons Corporation