Tech Stack
Cyber Security, DNS, Linux, .NET, Perl, Python, Ruby, SMTP, Splunk, SQL
About the role
- Provide comprehensive Security Monitoring and Incident Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise
- Conduct event triage and security investigations for potential threat activity identified within the organization
- Conduct deep-dive forensic investigations (host-based and network)
- Identify and implement countermeasures and mitigating controls for deployment in the enterprise network environment
- Develop advanced analytics, rules, filters, views, signatures, and operationally relevant scripts and applications to support detection and analysis efforts
- Track and report on incident activity to senior management and produce clear and thorough security incident reports and briefings
- Use SIEM/log management systems (preferably IBM QRadar or Splunk), intrusion detection systems, endpoint threat detection tools, and security operations ticket management
- Lead or support Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management), and Malware Analysis efforts
- Support coverage requirements across multiple shifts, including 12-hour shifts and potential night/weekend work as required
Requirements
- Clearance Level: Active DoD - Public Trust
- Position is contingent on successfully completing a program-based background investigation
- One or more certifications for CND Analysts: GCIA, GCIH, GCFA, GCFE, GREM, GISF, GMON, GXPN, CHFI, GNFA, OSCP, OSEE, OSCE, OSWP, CISSP, CCFP, LPT, CySA+
- 1+ year of experience working in network defense environments
- Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
- Familiarity with coding and scripting languages (Bash, PowerShell, Python, Perl, Ruby, etc.) or software development frameworks (.NET)
- Previous hands-on experience with Security Information and Event Management (SIEM) platforms and/or log management systems (preferably IBM QRadar or Splunk)
- Familiarity with intrusion detection systems, intrusion analysis, endpoint threat detection tools, and security operations ticket management
- Strong analytical and technical skills in computer network defense operations, Incident Handling (Detection, Analysis, Triage), Hunting and Malware Analysis
- Prior experience analyzing IT security events to discern legitimate security incidents, perform triage, investigation, implement countermeasures, and conduct incident response
- Strong logical/critical thinking abilities (analyzing Windows event logs, Tanium queries, network traffic, IDS events)
- Strong proficiency in report writing; technical writing sample and editing test may be required
- Excellent verbal and written communication skills
- Excellent organizational skills and attention to detail in tracking Security Operation workflows
- Working knowledge of Windows, OS X, Linux, conceptual understanding of Windows Active Directory
- Working knowledge of network communications and routing protocols (TCP, UDP, ICMP, BGP, MPLS) and internet applications/standards (SMTP, DNS, DHCP, HTTP, HTTPS) as well as SQL
- Experience with identification and implementation of counter-measures or mitigating controls for enterprise deployment
- Ability to support coverage requirements for various shifts during holidays and weekends
- Ability to work greater than 40 hours per week as needed and/or 12-hour shift in a single day
- Strong work ethic, diligent time and attendance, and written and verbal communication skills are a must