CSIRT Analyst

Kiln, MS Full Time
POSTED ON 4/4/2024

Evolver Federal is seeking a CSIRT Analyst to join our team supporting our federal customer located at Stennis Space Center, MS. CSIRT is the primary entity of the SOC and the heart of Incident Response Operations. The team is responsible for monitoring, incident recording, and reporting of cybersecurity events or incidents. The goal of CSIRT is to minimize and control the damage resulting from cybersecurity events or incidents, provide effective guidance for response, coordinate recovery activities, and work to prevent future incidents from occurring. Additionally, the team provides coverage to ensure a proactive approach to defending against email attacks and a reactive approach when responding to successful attacks.


Responsibilities:

  • Provide 24x7x365 on-site coverage, monitoring and recording incidents from security alerts and security event information received from all of our customer's security feeds, tools and designated system logs in near real time;
  • Track all security incidents via Swimlane, ServiceNow and DHS ECOP;
  • Provide remedial recommendations and produce consistent comprehensive reports on findings. Activities include:
    • Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting our customer's networks
    • Analysis and recommendation of hardware and/or software tools that will assist in traffic analysis
    • Implementation, training, and SOP development and maintenance of implemented solutions
    • In-depth web log analysis to determine trends, patterns, and suspicious activity
    • Pattern analysis, trend analysis, behavior analysis, and other specialized analysis
    • Reporting results of all analyses to the SOC GWO and PM
  • Coordinate and advise on incident response actions taken by Incident Response Handlers for incidents affecting their areas
  • Develop and maintain formal, documented SOPs that are delivered for the SOC GWO's review and approval when developed or modified. SOPs provide the operational basis for the customer's SOC Concept of Operations (CONOPS)
  • Investigate and identify anomalous events that are detected by security devices or reported to the SOC from external entities, other DHS Components, system administrators, and the user community via Security Orchestration and Automation Response (SOAR) platform security tools, incoming phone calls, emails, and SNOW/ECOP tickets
  • Analyze suspicious web or email files for malicious code discovered through SPAM email monitoring and any other available sources
  • Determine indicators, including command and control channels, of malicious code
  • Collaborate with the Malware Analysis team to dissect Targeted Spear Phishing attacks from general mass email attacks

Basic Requirements

  • Must be a US Citizen able to obtain an Agency-specific clearance prior to starting
    • Must also be able to obtain a DoD Top Secret Clearance (this can be done while working on the program)
  • Must have at least one active certification to include: Security+ CE, ISC2 CISSP or other comparable certification approved by the customer
  • Bachelor's Degree and a minimum of 1 year of applicable experience is required. 4 years of additional applicable experience may substitute for a degree.

Preferred Requirements

  • Familiarity with Splunk and McAfee ePO
  • Current Active DOD Top Secret Clearance

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Salary.com Estimation for CSIRT Analyst in Kiln, MS
$66,314 to $81,583