Information Security Analyst Advisor

Clearance Level
Top Secret SCI + Polygraph
Category
Information Security
Location
Annapolis Junction, Maryland

REQ#: RQ57000

Travel Required: Less than 10%
Public Trust: None
Requisition Type: Regular

The Analyst Advisor supports our companies' Cyber Security Operations Center by responding to escalated alerts and monitoring events impacting security postures for more than 105 systems security plans for the program. This position conducts in-depth analyses of security incidents, with the specific ability to identify trends and deviations from standardized security configurations, to include intrusion detection, McAfee alerts, and privileged access management.

Focuses on security event management, vulnerability management, and intrusion prevention. Conducts risk and vulnerability assessments at the network, system, and application level. Supports and implements security controls, formulates operational risk mitigation, and assists in security awareness programs. Involved in a wide range of security compliance for Secure The Enterprise (STE), Command Cyber Readiness Inspection (CCRI), intrusion detection, McAfee/Palo Alto, web blocks, Two Stage Administrative Access Control (TSAC), privileged access management and software mitigation, Nessus, and SCCM. Researches, evaluates, and recommends new security tools, techniques, and technologies in alignment with contract obligations for new technology insertions. Audits and manages security alerts for identity and access management. Prepares security reports for internal and external review. The analyst may be required to support contract report deliverables for security-related programs in conjunction with SOC operational support.

Key responsibilities:

  • Develops and updates procedures, and configures tools for Monitoring Analysts' consumption
  • Escalates cyber security events according to our companies' playbook and standard operating procedures (SOPs)
  • Performs additional analysis of escalations from Monitoring Analysts and conducts case review
  • Assists with containment of threats and remediation of the environment during or after an incident
  • Escalates high or critical severity level incidents to Incident Investigators
  • Consumes threat intelligence and disseminates findings to relevant parties
  • Conducts hunting activities based on internal and external threat intelligence
  • Performs triage of service requests from customers and internal teams

Position Requirements:

  • BA/BS plus 8 years of relevant experience or equivalent combination of education and experience
  • Active TS/SCI with current Polygraph
  • 8570 IAT II Security certifications (e.g., Security+, Network+, CEH, CySA+, etc.)

Required Experience and Skills:

  • Experience using event escalation and reporting procedures
  • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
  • Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
  • Knowledge of how the Windows file system and registry function
  • Experience managing cases with enterprise SIEM systems
  • Experience with network monitoring in a SOC environment
  • Must be able to work various shifts as needed and work in a 24/7 call environment
  • 7 am to 3 pm

Preferred Experience and Skills:

  • BA/BS in Engineering, Computer Science, Information Security, or Information Systems or related work experience preferred
  • Experience with Splunk, NetBrain, McAfee, and Palo Alto security products
  • Experience conducting packet and log file analysis
  • Experience supporting incident investigations
  • Experience working in a 24/7 SOC environment

    We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

    GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.