Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a SOC & Insider Threat Analyst for a Department of Defense customer. In this role you have the opportunity to work with a cross-functional team in multiple technical areas to include operations, engineering, security, and systems development to deliver secure solutions to our national security customers.
This Security Operations Center (SOC) & Insider Threat Analyst position continuously monitors the security state of the system by building and maintaining queries, reports, and alerts in Splunk and displaying them in dashboards available to engineers, Information System Security Managers (ISSM), the Chief Information Security Officer (CISO), Information System Owners (ISO) and other Information System Security Officers (ISSOs). You will gain an understanding of the daily operation of the system in order to identify, explain, and document anomalous events and behaviors, following established incident response and mitigation procedures.
Your excellent analytical skills will assist in quantifying risk to enterprise systems and level of compliance with security policy across a broad spectrum of daily operations. Your responsibilities will also include elements of physical and environmental protection, personnel security, incident handling, and security training and awareness. In close coordination with the ISSM, you will play an active role in monitoring all aspects of the network.
U.S. Government Clearance Required: TOP SECRET/SCI
Responsibilities include, but are not limited to:
- Provide technical network monitoring and incident response to internal and external threats to the confidentiality, integrity, and availability of the IT enterprise
- Provide subject matter expertise in the use of Splunk and other tools to monitor user behavior, system logs, and network traffic to identify anomalies and detect malicious behavior
- Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization package
- Monitor and assist with security infractions and assist in security investigations and responses as requested
- Conduct daily, weekly and monthly review and management of the audit collection system
- Create and maintain custom Splunk queries and dashboards
- Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
- Create and maintain information system security documentation, Standard Operating Procedures (SOP) and checklists
- Continuously review and evaluate best practices for implementing a comprehensive audit program
- Work with the IA team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
- Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
- Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
- Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53, and others); identify deficiencies and provide recommendations for solutions; track findings in a POA&M through mitigation and/or risk acceptance
- Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
- Communicate well, both in writing and verbally.
Qualifications include:
- A Bachelor's degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or a similar field of study) and 3 to 5 years' experience with information networks and related security concerns
- Background and 1-2 years' experience with Security Information and Event Management (SIEM) tools. Experience with Splunk is preferred and Splunk certifications are highly desired
- Experience using various IA tools in audit collection, audit review, audit management, and end point protection
- Several years of established experience in related SOC work in a comparable role, demonstrating sustained contribution in the type of position being evaluated for
- Ability to create, configure, and maintain SIEM solutions such as ArcSight or Splunk
- Demonstrated knowledge of HBSS and ACAS and how to present/formulate the information provided from these toolsets
- A background and some experience with RMF, ICD 503, NIST SP 800-53 or JSIG, or knowledge of current authorization practices, particularly within the DoD, is desired.
- Experience with security efforts related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems is desired.
- DoD 8570.1 / DoD 8140.01 certification (IAT Level I or II, IAM Level I or II, or IASAE Level I, II, or III). Security+ CE or equivalent required at a minimum; CISA preferred; CAP, CASP, CISSP, GSLC or CISM desired
Security requirements: US Citizenship and active TS/SCI clearance
Requires a Bachelor's degree or equivalent experience/education and three to five years of related experience.