Job Description :

Job Title : Sr.System Security Professional
Location : Sacramento CA
Duration : Long Term
Description :

a. Mandatory Qualifications

1) Holds a current certification as a Certified Information System Security Professional (CISSP 2) Experience of at least five (5) years as a SOC Security Specialist (level 1, 2, and/or 3) with a Fortune 500 company and/or governmental entity and/or mulit-customer managed security services provider. 3) Experience of at least two (2) years as a level 3 SOC Security Specialist. 4) Experience of at least one (1) year as a SOC content creator. 5) Experience of at least one (1) year in processing and integrating threat intelligence into SOC operations. 6) Experience of at least one (1) year conducting threat hunting within a SOC environment.

Desirable Qualifications

1) Experience using Splunk as a security analytics platform. 2) Experience using RSA Archer as a SOC workflow platform. 3) Experience in a threat hunting role within a security operations environment. 4) Experience in a SOC content creation role within a security operations environment. 5) Experience using TrendMicro Tippingpoint intrusion protection systems (IPS) and/or intrusion detection systems (IDS) systems. 6) Experience integrating threat intelligence feeds into SOC operations (particularly with Archer and/or Splunk 7) Demonstrable experience communicating and presenting materials to both technical staff and executive management.


a. Serve as a level 3 SOC specialist utilizing the various tools available including Splunk, Archer, Trend Tippingpoint IPS and IDS systems, NetScout packet capture, endpoint protection system(s), lateral detection systems, ThreatConnect intelligence feeds, other intelligence feeds, and other technologies/capabilities as defined. This includes but it not limited to:

Assistance with reviewing, prioritizing, and investigating alerts and data in CDT’s SIEM (Splunk), IDS/IPS and other SOC systems. ? Investigation of high-priority alerts from CDT’s system.

b. Provide content creation services as directed for the security analytics and workflow platforms (Splunk and Archer

Including but not limited to the development of monitoring use cases for CDT’s IDS/IPS, SIEM, and other monitoring technologies.

c. Provide threat hunting services as directed.

d. Serve as a senior technical advisor to the CDT SOC management and staff to include best practice knowledge transfer of SOC analysis and triage.

e. Provide on the job and formal training to SOC and other security staff as directed.

f. Other duties to include: ? Escalation of high priority alerts to CDT leadership team. ? Development of security metrics based on best industry practice. ? Interpretation of security metrics and process data queries. ? Assess an environment’s ‘normal baseline’, process requests, determine abnormalities against the normal baseline, and formulate a logical picture from the information and data obtained. ? Engage with IDS/IPS, log monitoring, firewalls, Active Directory, endpoint protections systems, etc. ? Extract metadata out of a log, or other data source, such as an event identification (ID), in order to conduct research. ? Conduct security monitoring and support digital forensics efforts
Perform triage and analysis of escalated security incidents and indicators generated by the incident monitoring systems. ? Managing, as directed, incoming notifications. ? Exercise data collection or event enrichment. ? Design and architect various processes, workflows, standards, training manuals, and other key aspects of the SOC’s primary functions including areas of: monitoring, incident response, digital forensics, malware analysis, threat hunting, threat intelligence, and integrations as directed. ? Present and summarize areas for improvements with specific examples and recommendations that will further develop and mature the SOC. ? Assist with automation including scripting, correlation rule writing, and signature creation. ? Conduct research and generate reports as directed.

g. Other tasks as directed from the CDT contract administrator (Work Authorization (WA) is required