Seeking a SOC Analyst Lead to join our team in Washington, DC.
Contract requires US citizenship and the ability to obtain Top Secret/SCI eligibility.
Provides basic monitoring and analysis support for computer security events.
Perform initial triage.
Report computer security events, in accordance with established processes and procedures
IDS monitoring and analysis, network traffic and log analysis, prioritization and differentiation between potential intrusion attempts, determination of false alarms, insider threat and APT detection, and malware analysis/forensics.
Create and track investigations to resolution.
Compose security alert notifications. Advise incident responders in the steps to take to investigate and resolve computer security incidents.
Oversight, monitoring and tuning of security systems, including the following: Intrusion Detection & Prevention Systems; Endpoint Security Systems; Security Information and Event Management Systems; Web Proxy Systems; Log Management Systems; Firewall Systems; Full Packet Capture Systems; Data Loss Prevention Systems; Object Level Auditing Systems; Endpoint Forensics; Wireless LAN Monitoring Systems; Database Security Monitoring; Compliance & Threat Modeling Systems.
Develop and maintain security policies, procedures, Run Book and Incident Management Plan. Manage consistent daily, weekly and event-based reporting, and manage knowledge base for sharing and transfer of experience.
Perform gap analysis and provide strategic and tactical recommendations on security issues; scale systems to take into account new threats or devices; and evaluate and contribute to the security posture of the organization.
10 years of IT security work.
Master’s degree preferred.
Bachelor’s degree, including prior experience working as a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) analyst.
Experience with Anti-Virus, Anti-Malware, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Vulnerability Assessment tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions.
Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages.
Previous experience running a Security Operations Center is also preferred.
The following certifications are strongly desired: GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or other GIAC certifications.
Experience working within a government agency.
Digital Media Analysis (DMA) and prior computer forensics experience strongly desired.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.