SOC Analyst/Security Engineer Technical Specialist

Job Description

Job Description

Job Title: Sr. SOC Analyst/Security Engineer Technical Specialist
Location: Sterling, VA
Terms: Full-time
Requirements: Must be a U.S. Citizen with Active Secret Security Clearance

About us
Cyber Management is a rapidly growing Veteran Owned Small Business (VOSB). To us, Cyber is no buzzword…it is all of the technology supporting our business, government, and personal information, and we understand how vital it is to integrate security into the overall cyber management schema from design through operations. Information is one of the greatest resources of our time…keeping it flowing and keeping it safe is our mission. Come join us as we grow!

We offer:

• Excellent compensation, benefits and financial incentive
• Opportunity to work with highly skilled and talented people
• A Company that understands and values what you do, and committed to mutual success!

About the Role
Cyber Management International Corporation is actively recruiting a highly motivated Sr. SOC Analyst/Security Engineer Technical Specialist to support our client at the U.S. Department of State (DOS) Consular Affairs Enterprise Infrastructure Operations (CAEIO) Program, for the Bureau of Consular Affairs (CA).

• Training and assisting JR SOC members
• Building out processes and procedures to include documenting work in SOPs
• Utilizing SIEM tools such as SPLUNK and EDR tools to enhance monitoring capabilities and perform monitoring duties as well as expanding on the security posture of the current environment
• Building out processes, procedures, and developing SOPs
• Coordinating with internal and external teams to address threats and risks via investigation and forensic analysis
• Advising management and team members of risks associated with technologies and implementation approaches and identify methods of risk mitigation
• Investigating alerts, threat hunting, and notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact in accordance with the organization's cyber incident response plan
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources Writing advance ad-hoc SPL queries
• Training, assisting, and developing JR SOC members in investigations
• Ability to lead, manage, and write reports on investigations, incidents, and other security related matters
• Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Incident Response Teams (IRTs)
• Developing and documenting configuration standards, policies, and procedures for operating, managing and ensuring the security of system infrastructure
• Performing analysis of log files from a variety of sources (g. Individual host logs, network traffic logs, firewall logs, and intrusion detection system {IDS} logs) to identify possible threats to network security
• Recommend and implement system enhancements that improved the performance, security, and reliability of the system
• Create, discuss and explain technical documentation
• Identifying different tactics and techniques of attacks

Qualifications: Basic Requirements

• US Citizenship required and an active SECRET clearance with the ability to obtain a Top Secret clearance
• BS degree and 5 to 7 years’, experience or MS degree with 3 to 5 years’, experience or a high school diploma/equivalent with minimum 9 years’, experience
• 5+ years of related systems engineering experience - primarily in a government environment
• Understanding of system, network, and application security threats and vulnerabilities with the ability to establish monitoring solutions
• 3+ years of experience with Splunk, Splunk dashboard and Microsoft Sentinel
• 5+ years SOC or Cybersecurity related
• 4+ years querying and manipulating data with at least 2+ experience with SPL (required) with knowledge of data types, conditions, and regular expressions
• Solid knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, common threat vectors
• Understanding of Boolean logic and event correlation
• Strong experience with Splunk, Microsoft Sentinel, and EDR tools
• Strong ability to identify logging and monitoring requirements/gaps
• Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow.
• Security+ CE or other 8570 IAT level II certification

Qualifications: Preferred Requirements

• Scripting experience
• Experience writing regular expressions
• Splunk admin experience
• Data normalization with Splunk using/creating field aliases, calculated fields, field extractions
• Certified Splunk Power User or higher
• Knowledge of cybersecurity frameworks and standards
• Ability to track incidents using MITRE ATT&CK and Cyber Kill Chain methodology
• Knowledge of cloud security
• Knowledge of current IT security best practices
• Knowledge of system administration, networking, and operating system hardening techniques
• Mixed operating systems experience: (Linux, Windows)
• Experience troubleshooting issues related to storage
• Scripting/coding experience
• Knowledge of F5 Application Security Manager (ASM) concepts and techniques

Shift:

• First shift (7am-3pm), Saturday-Wednesday

For more information about our company, please visit or email us at [email protected]