SOC Analyst, Mid

Basic Qualification:

• U.S. Citizen
• An active SECRET or the ability to obtain a SECRET Clearance.
• Bachelor’s degree with 5 – 7 years, master’s degree with 3 - 5 years, or PhD with 0 – 2 years; four (4) years of experience can be substituted in lieu of a bachelor’s degree.
• Experience leading incident response activities (Prepare, Identify, Contain, Eradicate, Recover)
• Experience using Security Operations (Sec Ops) tools, including any of the following: MTIPS, E3a, CASB, Qualys, Palo Alto Firewall, Palo Alto Panorama, Trellix, ForeScout CounterAct, HoneyPots, Google DLP, Entrust Identity Guard, Infoblox, KeePass, McAfee Antivirus, McAfee ePolicy Orchestrator, Microsoft Active Directory Certificate Services, Microsoft System Center Configuration Manager (SCCM), RSA token, RSA Archer, SailPoint, Skybox, Splunk, Syslog, Tenable Nessus, Thales, Valimail Enforce, VMWare AirWatch, Zimperium, EntryPoint, Tanium
• Knowledge of scripting languages (e.g., PowerShell, Python, Yara, SNORT, EQL)
• Amazon Web Services Cloud experience
• Experience working programs using ITIL v. 4 and/or Agile framework for Service Management
• Experience with the cloud-based workflow automation platform ServiceNow.

Responsible for the overall collection of operational and logistical data for assigned UAS at assigned location. Verify all data for accuracy, make appropriate changes to improve the accuracy, and transmit the data via established timelines and procedures. Acts as focal point for quality control from other sites, runs edits, corrects errors, and responds to customer contract requirements. Collects operational and logistical data on all assigned UAS platforms at your assigned location. Participates as a team member performing threat analyses based on knowledge on electronic warfare/intelligence systems and concept. Contributes to development of analytical threat models and provides functional guidance and direction to threat studies team in overall conduct of project(s). Supports team performing expert-level research and analysis of intelligence and related data support of threat studies. Provides advice, guidance, and direction to threat studies team. Supports team providing other technical services such as computer software system design/development, installation and integration planning, testing, and support of a wide range of systems that support intelligence functions. 

Key Responsibilities:

• Conduct an analysis of current operations of the SOC, analyze how the work is being done, review alerts, and SOPs to make recommendations for proposed changes and improvements to SOC operations and response metrics.
• Develop and execute an Incident Response Plan and SOC Playbook.
• Utilize the authorized security tools to perform security analysis and triage security alerts and events to prevent, detect, contain, and remediate security and privacy incidents.
• Identify, analyze, triage, report, and coordinate with CSIRT and other stakeholders to remediate all information security incident types.
• Utilize the authorized Security Tool Set) to perform security analysis and triage security alerts and events to prevent, detect, contain, and remediate security and privacy incidents.
• Coordinate with the SIEM team to create and maintain security dashboards.
• Report all information security incidents through the proper authority.
• Investigate and positively identify anomalous events that are detected by security devices. or reported to the SOC from external entities, system administrators, and the user community, via security monitoring platform and tools, incoming phone calls, emails, and the Service Desk and Incident Tracking System.
• Conduct monitoring and analysis activities.
• Utilize network-based intrusion detection systems and other Security Information tools such as Event Management solutions (SIEM/Splunk) and Network Security Management solutions (such as Skybox Security, CISCO IPS/IDS, and Nessus) for the assessment, identification, and remediation of the incidents.
• Support Incident Management and Response requirements across the security incident lifecycle phases.
• Perform ad-hoc searches for suspect activity and reverse engineering of malicious software.
• Provide investigation, review, and recommendation documentation as necessary.
• Support development of reports and documentation including SOC Improvement Plan, Security Incident Reports, Program Status Report with reporting against Objectives and SLAs, Shift Change Reports, Measurable Activities Report (WAR), SOC Playbook updated, Incident Escalation Reports, daily Monitoring Reports
• Cross-train with Network O&M/Telephony/Mobile Computing Management to assist the monitoring of all communications connectivity (e.g., VSAT, DTS-PO, VPN, SD-WAN, MPLS, and TICs), as well as the devices that terminate communications links, to ensure uninterrupted communications and in the event of a failure, provide rapid identification and resolution of problems per defined SLAs.
• Monitor the wireless network infrastructure; networks used by software development teams; bandwidth utilization and availability of communications links; and LAN device security logs, identifying and ascertaining the nature of potential security violations, and protocol configuration, route table maintenance, and alternate path mechanisms.

*Contingent on Contract Award*