Security Operations Center (SOC) Analyst

Procession Systems
Durham, North Carolina, USA
$85K a year
Part-time

Job Description

OVERVIEW:

We are seeking a SOC Resolution Analyst for the Security Operations Center (SOC). The Division of Security Operations (DSO) SOC is responsible for investigating all anomalous traffic across the agency and remediating malicious traffic, unauthorized software, network vulnerabilities, compliance issues, malware forensics and Security Policy violations.

Currently, the SOC monitors and detects anomalous activity and resolves findings. The SOC also receives security tickets on network vulnerabilities and compliance issues from the Enterprise Testing & Web App Security Branch.

GENERAL DUTIES:

  • Respond to CAPRS / ServiceNow tickets, emails, and verbal reports of security vulnerabilities, insider threats, malware forensics and compliance issues.
  • Remediate those security vulnerabilities, insider threats, malware forensics and compliance issues.
  • Validate alerts from a variety of monitoring technologies.
  • Respond to and act on tickets opened by lower-level security engineers or SOC analysts in Resilient / CAPRS.
  • Utilize various malware removal and remediation tools to investigate, contain and prevent the spread of malware to other agency devices.
  • Assist in the development of tools / scripts in order to respond more effectively to incidents.
  • Develop and document remediation strategies.
  • Coordinate with internal Office of Systems Operations and Hardware Engineering (OSOHE) and SITE LAN Coordinators on remediation of devices.
  • Determine whether other infrastructure is also infected and correct it.
  • Analyze RAM captures for security vulnerabilities and document findings in Resilient / CAPRS.
  • Perform a deep dive of the incident and forensically investigate where and when it originated, in accordance with the SOC Standard Operating Procedures and task manager direction.
  • Analyze data in ticketing systems for critical vulnerabilities and misconfigurations across all network assets on the agency’s network.
  • Identify, troubleshoot, and resolve common patch deployment issues on all of the agency’s network assets.
  • Inform device administrators of the need to take corrective action upon detection and at 30, 60 and 90 days, via phone, email, ticketing systems, and other communication methods.
  • Follow up on requests for corrective action via all relevant communication methods, and track progress and status using MS Excel spreadsheets, SharePoint / Confluence, Resilient ticketing, and other means, as needs arise.
  • Coordinate with other components’ technicians as needed to troubleshoot / correct vulnerabilities.
  • Provide technical support, guidance, and recommendations to system owners and SOC management.

Required Skills

REQUIRED QUALIFICATIONS:

  • Active CompTIA A+ and one of the following: CompTIA CySA+ or CompTIA Network+ or CompTIA Security+
  • 4+ years of direct network management experience.
  • Possess a working knowledge of Security Operations and the role the systems play in detecting intrusion attempts.
  • Experience responding to computer security incidents, requiring comprehension of, and experience with, most viruses and worms that may infiltrate and propagate throughout a large network.
  • Experience with Microsoft Windows Operating Systems (XP and higher) both desktop and server, as well as experience with Solaris (9 and higher), Unix and Linux, and HP-UX.
  • Strong subject matter experience in network characteristics analysis, design of network topologies and site configurations, installation, transition, and cutover of network components.
  • Demonstrated knowledge and experience configuring and operating Network Management solutions.
  • Strong written and oral presentation skills, and the ability to articulate English in a clear and concise manner.
  • Must be able to obtain a client-sponsored Public Trust level of adjudication.

CLEARANCE:

US Citizenship required

Desired Skills

DESIRED QUALIFICATIONS:

Additional education considered includes a bachelor’s or master’s degree in computer science, cybersecurity, or information technology, or advanced certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP).

30+ days ago