The Analyst Advisor supports our company's Cyber Security Operations Center by responding to escalated alerts and monitoring the security posture of more than 105 system security plans for the program. This position conducts in-depth analyses of security incidents, identifying trends and deviations from standardized security configurations across intrusion detection, McAfee alerts, and privileged access management.
Focuses on security event management, vulnerability management, and intrusion prevention. Conducts risk and vulnerability assessments at the network, system, and application level. Supports and implements security controls, formulates operational risk mitigations, and assists with security awareness programs. Involved in a wide range of security compliance activities, including Secure The Enterprise (STE), Command Cyber Readiness Inspection (CCRI), intrusion detection, McAfee/Palo Alto, web blocks, Two Stage Administrative Access Control (TSAC), privileged access management and software mitigation, Nessus, and SCCM. Researches, evaluates, and recommends new security tools, techniques, and technologies in alignment with contract obligations for new technology insertions. Audits and manages security alerts for identity and access management. Prepares security reports for internal and external review. The Analyst may be required to support contract report deliverables for security-related programs in conjunction with SOC operational support.
Develops and updates procedures and configures tools for Monitoring Analysts' consumption
Escalates cyber security events according to the company's playbook and standard operating procedures (SOPs)
Performs additional analysis of escalations from Monitoring Analysts and conducts case reviews
Assists with containment of threats and remediation of environment during or after an incident
Escalates high or critical severity level incidents to Incident Investigators
Consumes threat intelligence and disseminates findings to relevant parties
Conducts hunting activities based on internal and external threat intelligence
Performs triage of service requests from customers and internal teams
BA/BS plus 8 years of relevant experience, or an equivalent combination of education and experience
Experience using event escalation and reporting procedures
Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
Knowledge of how the Windows file system and registry function
Experience managing cases with enterprise SIEM systems
Experience with network monitoring in a SOC environment
Must be able to work various shifts as needed and work in a 24/7 call environment
7 am to 3 pm
Preferred Experience and Skills:
BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience preferred
Experience with Splunk, NetBrain, McAfee, and Palo Alto security products
Experience conducting packet and log file analysis
Experience supporting incident investigations
Experience working in a 24/7 SOC environment
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.