The SOC Analyst supports a 24/7/365 Security Operations Center, responds to security incidents, performs security tool monitoring and analysis, and works towards improving monitoring tools, processes and procedures, documentation, and their own skills and abilities.
Perform Security Incident Management aligned with NIST and DHS standards.
Monitor and analyze events from security monitoring tools, including the following: Intrusion Detection & Prevention Systems; Endpoint Security Systems; Security Information and Event Management Systems; Web Proxy Systems; Log Management Systems; Firewall Systems; Full Packet Capture Systems; Data Loss Prevention Systems; Database Security Monitoring; and Compliance & Threat Modeling Systems.
Develop and maintain security policies, procedures, Run Book and Incident Management Plans. Manage consistent daily, weekly, event-based reporting, and manage knowledge base for sharing and transfer of experience.
Respond to security incidents, escalating appropriately when needed, work with other teams to resolve issues, and take responsibility for bringing investigations to closure.
Analyze data from multiple, seemingly unrelated sources to define relationships through deductive reasoning and practical experience.
Review and analyze monitoring tool events and provide recommendations to tune out white noise.
This position is for the following shift: Wednesday to Sunday, 3:00pm – 11:30pm, including holidays.
Occasional scheduling on other days or shifts is expected to ensure 24/7 coverage.
This position requires agency-specific suitability and an interim Secret security clearance to start; clearable to TS/SCI preferred.
Prior experience working as an analyst in a Security Operations Center (SOC), Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), or Computer Security Incident Response Center (CSIRC).
Proven technical expertise is required, such as having relevant industry certifications, including, but not limited to, Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Intrusion Analyst (GCIA), or EC-Council Certified Security Analyst (ECSA).
Experience with security tools found in large enterprise networks, including Endpoint Security Tools, Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, and Vulnerability Assessment tools.
DESIRED QUALIFICATIONS: BA/BS, 2+ years of experience
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.