SOC Analyst II - Security Operations Analyst Tier II - Military veterans preferred

2019-05-15
SAIC (www.saic.com)
Other

/yr

  full-time   employee


Vienna
Virginia
22182
United States

Description

JOB DESCRIPTION:

• SAIC is currently seeking candidates for a Sr. Cyber Security Threat Hunter - Tier II SOC Analyst, supporting one of our federal customers in Vienna, VA.

• This is an exciting opportunity to be part of a key team of cyber security professionals here at SAIC, supporting full life cycle cyber security operations for our customer.

• We are seeking an individual that can bring security analysis and incident response experience to support daily operations and help grow and mature our current SOC environment.

• As a Cyber Threat Hunter you will be responsible for participating in threat actor based investigations, creating new detection methodologies, and provided expert support to incident response and monitoring functions.

• The focus of the Threat Hunter is to detect, disrupt and the eradication of threat actors from enterprise networks.

• To execute this mission, the Threat Hunter will use data analysis, threat intelligence, and cutting-edge security technologies.

• You will also directly support the Security Operations Center by applying analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response.

Responsibilities:

• General SIEM monitoring, analysis, content development, and maintenance.

• Research, analysis, and response for alerts; including log retrieval and documentation.

• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms.

• Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.

• Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management.

• Track threat actors and associated tactics, techniques, and procedures (TTPs).

• Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors.

• Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs.

• Analyze malicious campaigns and evaluate effectiveness of security technologies.

• Develop advanced queries and alerts to detect adversary actions.

• Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting- edge security technologies.

• Design and build custom tools for investigations, hunting, and research.

• Assist in the design, evaluation, and implementation of new security technologies.

• Lead response and investigation efforts into advanced/targeted attacks.

• Hunt for and identify threat actor groups and their techniques, tools and processes.

• Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses.

• Provide expert analytic investigative support of large scale and complex security incidents.

• Perform Root Cause Analysis of security incidents for further enhancement of alert catalog.

• Continuously improve processes for use across multiple detection sets for more efficient Security Operations.

• Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.

• Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

• Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors.

• A passion for research, and uncovering the unknown about internet threats and threat actors.

• Ensure the SOC analyst team is providing excellent customer service and support.


Qualifications

CLEARANCE REQUIREMENT:

  • Ability to obtain a Public Trust Clearance before start date 
  • US Citizenship is required
  
REQUIRED EXPERIENCE:
 
  • 5+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a Security Operations Center
  • BA/BS degree is required OR an additional 6 years of relevant work experience in lieu of degree. 
  • 3+ years experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk or similar tools, and malware triage. 
  • 3+ years experience with creating automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior. 
  • Demonstrated knowledge of the Splunk search language, search techniques, alerts, dashboards and report building. 
  • Strong analytical and investigation skills & active threat hunting and adversary tracking.
  • Working knowledge of security architectures, devices and threat intelligence consumption and management.
  • Working knowledge of root causes of malware infections and proactive mitigation. 
  • Working knowledge of lateral movement, footholds, and data exfiltration techniques. 
  • Experience with Netflow or PCAP analysis.  
  • Track record of creative problem solving, and the desire to create and build new processes.
  • Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions.
  •  Convert intelligence into actionable mitigation and technical control recommendations.
  • Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts.
  • Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • Strong time management and multitasking skills as well as attention to detail as we well as strong collaborative skills and proven ability to work in a diverse team of security professionals.

DESIRED EXPERIENCE:

  • Experience with one or more scripting languages (e.g., Python, JavaScript, Perl) 
  • Perform memory analysis  and malware analysis
  • Experience with computer exploitation methodologies
  • Experience as a government contractor
  • CISSP or GCIA/GCIH is preferred