· The Information Security Analyst is part of a fast-paced, highly skilled team that provides analysis of real-time event data to detect, analyze and respond to security incidents.
· The individual will need to be able to document and communicate effectively with customers and internal teams, assist in the investigation of events, and follow up with corrective actions and reporting.
· The individual should have an investigative mindset that allows them to think outside the box as to why events are occurring and provide a rapid, but accurate, response to emerging threats and trends.
· The candidate needs to be motivated to learn about new exploits/vulnerabilities and communicate the new threats to peers and leadership.

Position Objectives:
· Perform real-time analysis of events and execute notifications and escalations within 60 minutes of event occurrence.
· Perform analysis and incident handling 24x7x365 (includes holidays).
· Perform a true and necessary documentation of incident handling and analysis, leaving nothing to interpretation.

Essential duties:
· Review and respond to real-time technical information security events and manage incidents.
· Document trends and events in a database for tracking.
· Be excited about security and interested in communicating, documenting and speaking about security events and incidents.

Required skills:
· Confident and effective communication skills regarding security concerns, issues and events.
· Technical knowledge across a broad range of network, command-line scripting, computing, storage, and encryption methodologies.
· In-depth understanding of the IP protocol stack, experience troubleshooting, and good experience reading network packet captures.
· Understanding of and applied experience with NIX and Microsoft operating system platforms.
· Experience and ability to conduct detailed network forensic analysis of multiple devices and operating systems.
· Experience in programming using shell scripts, Perl, Ruby, or Python, along with the ability to understand, modify, and compile some source code for intrusion testing and developing defensive measures.
· Experience analyzing events from Intrusion Detection Systems (Snort, Sourcefire, Cisco, etc.), firewall logs (ASA, Checkpoint, iptables, etc.), and system logs (Event Logs, Security, syslog, etc.).
· Conduct internal and external incident response functions, coordinating with outside agencies to provide detailed reports on the results of findings and analysis.
· Strong oratory and electronic communications ability to crisply and effectively communicate with customers.
· Desire and ability to maintain focus while analyzing complex events and logs.

Desired skills:
· Historical experience with daily monitoring of vendor and other security alerts (CERT, SANS, BugTraq).
· Experience writing Intrusion Detection Signatures and other Network Intrusion Detection Systems.
· Experience with and knowledge of modern encryption methods and their implementation in web and internet-based security systems.
· Ability to train and present security events and incidents to all levels within the organization.
· Experience dealing with network abuse issues.
· Basic navigation and querying in Splunk.
· Utilize creative methods to monitor, identify and mine trends and incidents within extremely large datasets through statistical and/or automated means.
· Support an environment for learning and sharing with other analysts and security professionals within the organization on attack trends.
· Writing white papers or building presentations that can be published/presented internally or to external entities.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.