Monitor for security-relevant events and produce high-quality analysis in accordance with both federal and contractor leadership expectations.
Identify opportunities to improve detection content and existing processes relevant to the role.
Support fellow analysts on investigations, providing mentorship and training as able.
Requirements
DoD 8140 baseline certification (Security+).
For Mid-level analysts, one or more certifications: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, CISSP, Security+, Network+, CEH, CND.
Bachelor's degree in Cybersecurity, IT, or a related field preferred.
US citizen; dual citizenship is not permitted.
Strong knowledge of SIEM, IDS/IPS, and SOC operations.
2-4 years of experience in Tier 2/3 SOC operations in Federal or enterprise environments.
Strong analytical and technical skills in computer network defense operations, with the ability to support Incident Handling (detection, analysis, triage), Hunting (anomalous pattern detection and content management), and Malware Analysis.
Hands-on experience with Security Information and Event Management (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably Splunk).
Strong logical and critical thinking abilities, especially in analyzing security events from host and network sources (e.g. Windows event logs, AV, EDR, network traffic, IDS events) for malicious intent.
Strong proficiency in report writing: a technical writing sample and a technical editing test will be required if the candidate has no prior published intelligence analysis reporting.
Excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings.
Excellent organizational skills and attention to detail in tracking activities within the various Security Operations workflows.
A working knowledge of the operating systems commonly deployed in enterprise networks (e.g. Windows, OS X, Linux) and a conceptual understanding of Windows Active Directory are required, along with a working knowledge of network and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
Ability to support coverage requirements for night shifts, including holidays and weekends.
Splunk/SIEM certification desired.
Ability to research emerging threats and recommend monitoring content for security tools.
Experience analyzing NetFlow data and packet captures (PCAP).
Benefits
Competitive and comprehensive benefits package
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
SIEM, IDS, IPS, SOC operations, Incident Handling, Malware Analysis, NetFlow data analysis, packet capture, log management, technical writing
Soft skills
analytical skills, critical thinking, mentorship, communication skills, organizational skills, attention to detail
Certifications
DoD 8140, Security+, GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, CISSP