Supervises and provides guidance for a team of Intrusion Analysis Specialists. Monitors, deters, identifies, and investigates computer and network intrusions. Researches trends and countermeasures in computer/network vulnerabilities, exploits, and malicious activity. Trains and mentors junior analysts to develop their intrusion analysis skill set. Develops and maintains in-depth knowledge of, and hands-on experience with, computer network security techniques and best practices. The technical focus is on the monitoring and analysis of large, distributed, and complex network and information systems. The candidate must be able to identify suspicious and malicious activity in a heterogeneous network environment and respond appropriately.
Daily activities include:
- Proficient written and verbal communication with customer representatives
- Research new and evolving threats and vulnerabilities with potential to impact the monitored environment
- Read and understand network packet capture files
- Monitoring and analysis of network and IDS information
- Log collection, analysis, correlation, and alerting
- Identification of suspicious/malicious activities
- Identification and tracking of malicious code
- Reporting malicious activity to client locations with recommendations for remediation
- Review and management of incident resolutions
Requirements:
- Must have at least 4 years of experience in a supervisory role.
- Previous real-time intrusion analysis experience as a primary job role is highly desirable.
- The following training is highly desired: SANS GSEC, SANS GCIA, SANS GCIH, CEH, OSCP.
- Undergraduate degree in Computer Science, Computer Information Systems, or a similar area of study, or equivalent experience (2-3 years) in Intrusion Analysis.
- Must be willing to work various shifts in a 24x7 environment.
- Expert knowledge of monitoring IDS sensors and other network log data sources.
- Expert knowledge of incident resolution and handling.
- Expert knowledge of common vulnerabilities and exploits.
- Knowledge of incident analysis and investigation.
- Knowledge of alarm investigation and validation.
- Strong knowledge of networking.
- Strong knowledge of common network protocol behavior.
- Strong knowledge of network traffic analysis tools.
- Excellent verbal and written communication skills.
- Excellent customer service skills.
- Experience with SIM/SIEM technologies is desired.
- Qualified applicants must have a current DOE Q or TS clearance, or be able to pass the appropriate background investigations to attain one. U.S. citizenship is required.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, skills, or working conditions.
OnPoint Consulting is an equal opportunity employer that firmly supports and recognizes the value of diversity and inclusion in the workplace.
OnPoint provides management excellence that leverages technology to improve the way government works. We partner with clients who believe in...