Job Description :
Position: IT Security Analyst
Location: Dallas TX or Austin-TX or Washington DC
Duration: 6 Months

Seeking candidates for four Security Analysts (Tier 2). Locations are in Austin, Texas; Dallas, Texas; and Washington, DC. Normal hours are 8-5 Monday through Friday.

Candidate Description
The Tier 2 Analysts have experience in using SIEM technologies to support in-depth investigations and ‘hunting’ activities. Experience with McAfee Enterprise Security Manager (ESM), Splunk, or other SIEM technology required.

Tier 2 Analysts provide support to the SOC Tier 1, taking calls during high-volume times. They assist in customer service status calls and with other communication such as notifications and escalations.
N/SOC Engineers are responsible for:
Determining the service impact of security events.
Escalating incidents to the NOC and SOC Operations Managers as needed.
Engaging support of Tier 3 Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.

Responsibilities
Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Provide daily summary reports of network events and activity relevant to cyber defense practices.
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
Recommend computing environment vulnerability corrections.
Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
Assist in developing cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
Provide guidance and mentorship to Tier 1 analysts.
Contribute to the creation of process documentation and training materials.
Qualifying Experience and Attributes
Three (3) to five (5) years of Network Intrusion Response and threat analysis experience.
Working knowledge of Intrusion Detection Systems (all 4 types preferred: host-signature, host-behavioral, network-signature and network-behavioral based).
Experience with one or more IDS: McAfee ESM, Snort, Cisco, Dragon, NFR, Manhunt, etc.
Three (3) to five (5) + years of Security experience with Windows / UNIX / Mainframe based systems, routers and Ethernet switches.
Working knowledge of system administration, network, and operating system hardening techniques.
Working knowledge of cybersecurity and privacy principles.
Working knowledge of cyber threats and vulnerabilities.
Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
Knowledge of host/network access control mechanisms (e.g., access control lists, capabilities lists).
Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
Knowledge of incident response and handling methodologies.
Prior training in concepts of network and systems operations.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of TCP/IP - addressing, routing protocols, and transport protocols (UDP and TCP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Knowledge of escalation, incident management and change management processes and procedures of the SOC.
Proficient in the operation and use of sophisticated diagnostic tools (e.g., Sniffer, RMON tools, etc.).
Understands vendor and industry standards and procedures for their respective technical specialty.
Possess good communication and interpersonal skills.
Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).
Familiarity with key concepts in security management (e.g., Release Management, Patch Management).
Knowledge of adversarial tactics, techniques, and procedures.
Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Signature implementation impact for viruses, malware, and attacks.
Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).