Unfortunately, this job posting is expired.
Security Operations Analyst Jobs
| Field | Value |
|---|---|
| Company | Koniag Government Services |
| Address | Baltimore, MD, United States |
| Employment type | FULL_TIME |
| Salary | |
| Category | IT Services and IT Consulting |
| Expires | 2023-08-20 |
| Posted at | 11 months ago |
Tuknik Government Solutions, a Koniag Government Services Company, is seeking an experienced Security Operations Analyst to support TGS and our government customer in Baltimore, MD.
- Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures.
- Monitor agency systems and daily log events to identify potential security threats. Sources include, but are not limited to, sensor alert logs, firewall logs, content filtering logs, and the Security Event Manager.
- Identify, investigate, and escalate potential security threats to senior technicians in accordance with established Standard Operating Procedures.
- Provide 24/7/365 monitoring and analysis of Security event alerts across the enterprise network.
- Review all incoming alerts, and potential security threats, and properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.
- Utilize email, instant messaging, and other monitoring tools to remain aware of current threats SSA networks face daily.
- Manage the resolution of computer security events that affect SSA information systems using SSA SOC provided incident response ticketing system.
- Utilize agency Security Event Manager Software to measure and model traffic, while identifying patterns and ports.
- Provide written reports to the SSA SOC Manager detailing all security events related to network security matters and submit these reports according to the procedures and reporting requirements established in the SOPs and SSA guidelines.
- Produce ad-hoc reports as directed by the task manager.
- Prepare monthly reports for insertion into the US-CERT Report.
- Prepare a monthly report on the status and progress of all current open security incident tickets and ad-hoc assignments.
- Use the incident response-ticketing platform to determine and document problem status, resolution, and prevention measures.
- Monitor daily log data gathered from various resources, such as sensor alert logs, firewall logs, content filtering logs, and the Security Event Manager, for suspected security threats.
- Upon identification of a possible threat, communicate that threat to customer, as directed by the task manager.
- Document problem resolution progress from initial reporting to resolution within the agency incident response ticketing platform.
- Provide 24/7/365 monitoring of the “SOC SPAM” mailbox(es) for suspicious messages submitted by SSA government and contractor personnel.
- Conduct Threat intelligence research of open sources to identify previously unknown Indicators of Compromise. Indicators shall be validated by senior analysts and updated on all Security sensors/systems.
- Filter non-threatening network traffic for enhanced reporting accuracy.
- Respond to new threats and may be required to initiate and assist in drafting remediation strategies. All documentation will be hosted in the branch’s collaborative document library.
- Make determinations of the operational impact that a particular threat has on SSA systems.
- Follow the escalation procedure SOP to make a recommendation for immediate corrective actions to higher-level technicians.
- Monitor Open-Source intelligence threat feeds, responding to anomalies and creating a ticket in the agency incident response-ticketing platform of any identified PII leaks.
- Continuously tune the Government-provided Security Information and Event Management (SIEM) system through rule creation and engineering to reduce false positives and discover previously unknown threats.
- Investigate Open-Source Threat Intelligence in accordance with established procedures.
- Identify newly discovered vulnerabilities and exploits. Develop, implement, and disseminate new intrusion detection signatures as directed by the task manager, creating custom signatures when needed.
- Provide ongoing monitoring of intrusion detection systems and newly developed exploits for Windows and UNIX systems.
- Communicate information to remediation technicians and may be required to aid with remediation after the technicians are consulted.
- Analyze and process suspicious web or email files for malicious code discovered through enterprise log monitoring and any other available sources.
- Assist with remediation, if requested. Assistance may include but is not limited to gathering additional log data, contacting users, or testing remediation processes.
- Classify events based on the most current US‐CERT Impact Classification guidelines.
- Perform a preliminary analysis of collected data.
- Maintain awareness of Open-Source intelligence threats, identifying risks to agency personnel involved in open-source breaches, and documenting breaches within the agency incident response-ticketing platform.
- Identify the necessity for, and implementation of, the creation of new intrusion detection signatures.
- Minimum education is a HS diploma; an Associate's degree in cyber security will be favorably reviewed.
- Must have at least one of the following industry certifications:
  - CompTIA A+ (Preferred)
  - CompTIA CySA+
  - CompTIA Security+
  - CompTIA Network+
- Proof of certifications to be printed and provided to the COR and task manager prior to assignment.
- 2 years of direct SOC cyber experience or Computer Security Incident Response Team (CSIRT) experience.
- Strong oral presentation skills and the ability to articulate English in a clear and concise manner.
- Additional education considered includes a bachelor's or master's degree in computer science, cybersecurity, or information technology, or advanced certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP).
- May be required to report for duty during periods of inclement weather and other emergency situations.
- Possess a working knowledge of Security Operations and the role such systems play in detecting intrusion attempts.
- Must have experience responding to computer security incidents.
- Requires comprehension of, and experience with, viruses and worms that may infiltrate and propagate throughout a large network.
- Must be able to obtain a client sponsored Public Trust level of adjudication.
- Must have experience with Microsoft Windows Operating Systems both desktop and server.
- Supports integration of multiple vendor products into a seamless operation.
- Requires knowledge of networking fundamentals to understand how network assets communicate and behave on the network, including routing and networking protocols such as IP, FTP, SSH, SSL, Telnet, SMTP, TCP/IP, UDP, Windows SMB, and others.