Position: Junior Security Analyst
Location: Vienna, VA
Must hold at least a U.S. Secret Clearance.
As a Security Operations Center (SOC) Junior Security Analyst, you will be analyzing and monitoring network traffic for a global implementation of Microsoft UC (Skype for Business).
In this role, you will be responsible for the following:
· Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events and logs
· Prioritizing and differentiating between potential intrusion attempts and false alarms
· Creating and tracking security investigations to resolution
· Opening tickets, assigning them to the correct resolver, and validating/closing tickets related to false positives
· Providing Tier 1 investigation, triage, and mitigation of detected security events
· Composing security alert notifications and other communications
· Advising incident responders on the steps to take to investigate and resolve computer security incidents
· Staying up to date with current vulnerabilities, attacks, and countermeasures
· Monitor core capabilities, including but not limited to Splunk and HBSS, for near-real-time alerting of suspicious and/or anomalous activity
· Recognize a potential security violation, take appropriate action to report the incident as required by regulation, and mitigate any adverse impact.
· Implement and monitor Information Assurance (IA) safeguards for computing environment system(s) in accordance with implementation plans and standard operating procedures.
· Apply established IA security procedures and safeguards and comply with responsibilities of assignment.
· Comply with system termination procedures and incident reporting requirements related to potential security incidents or actual breaches.
· Understand and implement technical vulnerability corrections.
· Implement specific IA security countermeasures.
· This position requires the ability to work shifts on a 24/7/365 schedule
· Comply with the security requirements set forth in the Security Plan and applicable directives for the safe and secure operation of the UC platform as outlined in the Acceptable Use Policy
· Have the requisite training to operate the UC platform and complete IA Training and review and sign the Acceptable Use Policy
· Maintain positive physical control of the UC platform components within their areas of responsibility
· Ensure no information higher than the approved program classification level is processed by the UC platform
· Handle and secure the UC platform data according to the appropriate classification level
· Safeguard the UC platform from unauthorized transmissions of data (such as sending data without encryption), tampering with the UC platform hardware, or manipulating the resident and application software
· Report to the ISSM/ISSO or Program Manager any attempt to gain unauthorized access to Unclassified, Sensitive defense information, any failure, or any suspected defect which could lead to unauthorized disclosure of Unclassified, Sensitive information
· Report suspected (or actual) security violations or practices dangerous to security to the ISSM/ISSO or security manager
· Reviews the Access Control policy
· Maintains an understanding of Information Assurance (IA) policies, current Cybersecurity threats, and incident response reporting procedures to ensure the assets, and the information processed are protected from any actions which could jeopardize the UC platform’s ability to effectively and securely function.
· Immediately notifies their ISSM/ISSO Personnel if they suspect their passwords or token cards have been compromised
· Takes DoD insider threat awareness training annually to recognize and report insider threats
· Reports all potential or malicious incidents immediately to the ISSM/ISSO. If none of the aforementioned are available, users contact the US-CERT (formerly CONUS and South RCERT) immediately
· Reviews the Media Protection Policy
· Marks and labels ALL UC media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information
· Reviews the physical security plan
· Reviews the Security Assessment and Authorization policy 1.10.8
Knowledge, Skills, and Abilities
· Ability to use assessment tools and other security tools found in large network environments, along with the ability to work with Security Information and Event Management (SIEM) solutions, including Splunk
· Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages
· Familiarity with and the ability to follow ITSM, ITIL, and InfoSecurity Best Practices
· Candidates must be able to work on-site at a Federal Agency located in the Vienna, VA, or San Antonio, TX, area
· Authorized to work in the US without sponsorship now or in the future
· The ability to communicate security events, potential impacts, and actions taken to higher-tier resolvers and management team
· Applies basic knowledge of IA concepts, practices, and procedures within the computing environment.
Certifications and Experience
· Hold at least a US Secret Clearance
· Meet IAT I Certification requirements
· Security+ Certification is required
· 2-3 years of related experience in a Security Operations Center capacity
· Previous experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), Cyber Defense Team (CDT), or a Security Operations Center (SOC)
· Experience with Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Vulnerability management and Federal/Military security protocols
· Experience with Log Event Monitoring solutions is strongly desired but not required
We are GDT. We are the 6th largest Cisco VAR in North America. We pride ourselves in hiring the brightest minds who thrive in an autonomous environment. Our talented employees all share key characteristics:
Warrior Spirit – accepts, tackles, and conquers challenges; thrives in an autonomous environment; leads while accepting leadership
Thought Leaders – “Out of the box” mentality and approaches, attention to total cost of ownership on each and every project, and a continual drive to pave the way to the cutting edge
Highly consultative skills – engages with peers, but is just as comfortable engaging with the client on project status and best practices.
If you possess these characteristics, and are looking for your next challenging career, then we want to hear from you!
Role: Junior Security Operations Analyst