CSOC Tier 1

Position Title CSOC Tier 1

Clearance TS/SCI

Location Washington DC, Maryland, Virginia

The Contractor shall provide CSOC Tier 1 services which provides 24x7x365 real-time monitoring, triage (identify, categorize, prioritize, and investigate), and escalation of cybersecurity incidents and events based on realized/observed suspicious/malicious activity, threat intelligence, external notifications/reports/orders and directives, events, and alerts. CSOC Tier 1 is responsible for recording, investigating, and processing events received via walk-ups, phone calls, email, chat, web, cybersecurity tools, and enterprise tools. All Contractor personnel performing CSOC Tier 1 services shall have or obtain within six months of start a certification that is compliant with DoDD 8140.01 and DoD 8570.01-M IAT Level II and CSSP Analyst.

Job Duties:

• Utilize the SEIM to perform 24/7 monitoring, detection, and initial triage (identify, investigate, categorize, prioritize, ticketing, and forwarding) of events/alerts/incidents. The SIEM processes approximately 100,000 Correlated Events Per Second;
• Create tickets in the agency directed ticketing system for all alerts/incidents;
• Obtain and aggregate all artifacts, data, screen shots, and other products from assets within Network Security Services, Endpoint Security Services, Cybersecurity Data Analysis Services, and other NGA assets as needed to complete the ticket for higher tier analysis;
• Submit tuning requests as needed to Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services;
• Interact with and generate tickets on behalf of CSOC customers through multiple means of communication, to include but not limited to walk-ins, phones, web, email, and text-based chat systems;
• Document the steps used to analyze and triage an event/alert/incident with sufficient detail to enable the government and other contract services to systematically reconstruct after tier 1 analysis;
• Monitor the CSOC virus submit mailbox and perform initial assessment of emails to determine if they are SPAM, phishing emails, or malware;
• Provide custom metrics to support regular and ad hoc reporting requirements (e.g., incident category types, tools used, number of indicators, time opened at each step, trending statistics, service availability, system utilization, etc.);
• Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report;