Info Security Analyst works shifts as defined in the summary. US Citizens only. The Analyst will report to the Shift Lead, will adhere to SOPs for incident reporting, and is responsible for all incidents that come in during the shift worked. The Analyst will wait for the next shift's replacement staff before leaving/logging off, so that the floor is properly staffed 24x7x365. The Analyst will have excellent communication skills and must be able to speak and write at the proper level for audiences up to the Department executives about current issues, etc. The Analyst will provide supporting documentation for briefings as requested by the Shift Lead or other IR management. The Analyst will have a solid understanding of cyber security and be able to analyze incident reports and follow up with the Shift Lead on reporting to ensure a complete picture of the incident is available. The Analyst is expected to understand and follow escalation procedures; the Analyst will keep the lead up to date and will keep federal leadership apprised of any incidents that could receive additional attention from leadership, etc.
1. Need to have knowledge of the Splunk Enterprise and Splunk Enterprise Security product;
2. Be able to run canned queries and edit them when necessary to search for security event indicators.
3. Create new/custom queries as necessary to gather information not found in canned queries or reports.
4. Ability to create dashboards to track security events and incidents. A Splunk certification is nice to have. Knowledge of, and hands-on experience with, the Incident Response processes and procedures that support a Security Operations Center (SOC).
A member of the Network Security Team performs the following tasks:
• Monitor SIEM, IDS and other security alerting mechanisms for malicious activity
• Perform APT hunting activities based on Indicators of Compromise (IoC) either through manual log review or SIEM
• Perform analysis of security events and incidents
• Provide and/or assist root cause analysis of anomalous events
• Coordinate with Incident Response staff to effectively contain and recover from cyber incidents
• Provide feedback to administration staff to assist in signature creation and tuning
• Perform risk analysis for newly reported and/or Zero Day vulnerabilities
• Monitor, organize, and coordinate correspondence for emails received to the Security Operation Center (SOC) Inbox
Basic Skills & Qualifications:
• 1+ years of experience performing security monitoring, performing signature tuning, analyzing PCAP, applying the Cyber Kill Chain, and drafting analysis reports and briefings tailored appropriately for executive or technical audiences
• Good oral and written communication skills
• Basic to moderate understanding of networking
Preferred Skills & Qualifications:
• Knowledge of and the ability to script in Perl, Python, or Bash
• Knowledge of the MITRE ATT&CK Framework
• Desired experience performing training in cyber security topics
• Desired experience performing incident response
• Desired experience performing malware analysis
• Bachelor’s degree or equivalent experience
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.