Provides special purpose consultation and support on technical matters related to Cyber Warfare and Network Defense. Performs ongoing real-time, historic, and threat analysis. Analyzes logs/traffic. Identifies potential IT security incidents and escalates information to appropriate staff. Assesses threat and vulnerability information from all sources (both internal and external), promptly applies applicable mitigation techniques, and initiates indications and warnings. Conducts vulnerability analysis and assessments across the enterprise in support of operations and maintenance activities. Develops mitigation and remediation plans as a result of vulnerability assessment findings. Trains customers and promotes security awareness. Confers with customers to discuss issues including but not limited to computer data access needs, security violations, and COTS/GOTS application/process changes. Develops plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
Monitors current reports of computer viruses to determine when to update virus protection systems. Documents computer security and emergency measures policies, procedures, and tests. Trains Jr. Analysts and collaborates with other staff.
May require shift work.
• At least five (5) years of related experience and/or training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis.
• Previous experience in and a proven method for performing 1st and 2nd level analysis and interpretation of information from SOC systems.
• Previous experience in and proven methods for incident identification/analysis, escalation procedures, and reduction of false-positives.
• Demonstrated experience consistent with ISO 20000; ITIL; the NIST 800 series, specifically NIST 800-61 “Computer Incidents Handling Guide” and NIST 800-53 “Recommended Security Controls for Federal Information Systems”; and any other controls applicable to network security monitoring/analysis, event escalation, cyber threat analysis, and vulnerability analysis. Demonstrated experience establishing and applying security controls to protect information systems, consistent with industry practice.
• Demonstrated experience with and application of open and closed-source network defense and threat resources.
• Specific experience in monitoring, evaluating, and interpreting vulnerabilities, CVEs, remedies, mitigation measures, techniques for escalation, social engineering tactics, phishing techniques, and performing vulnerability assessments.
• Based on task(s) assigned, state-of-the-art expertise on the hardware, software, and systems in use by the IT Security Branch and in the SOCs, including but not limited to ArcSight, nCircle vulnerability assessment system, Cisco PIX firewall, Symantec Security Information Management System (SESA and SSIM), Symantec Client Security, NetIQ, Cisco VMS, Snort, IntruShield, Netwitness, and Splunk.
• Customer service skills training.
• Bachelor’s degree is a plus, or equivalent combination of education and experience.
• Certification by one of the following companies: HP/ArcSight, Symantec, and Cisco.
• Other relevant professional certifications in the field of IT Security are a plus (desirable, not mandatory), such as:
  • GIAC Information Security Professional (GISP)
  • GIAC Certified Intrusion Analyst (GCIA)
  • ArcSight Certified Integrator/Administrator (ACIA)
  • Cisco Certified Security Professional (CCSP)
  • Certified Information Systems Security Professional (CISSP)
  • ArcSight Certified Security Analyst (ACSA)
  • Systems Security Certified Practitioner (SSCP)