Junior Cyber Operations Analyst at Falconwood Inc. in Stafford, Virginia

Job Description:

Overview



We have an immediate opening for a senior Cyber Security Operations Center (SOC) Analyst to support the Navy Enterprise Business Solutions program office. The SOC Analyst will use Splunk Enterprise Security in a large enterprise environment, write Splunk scripts for events filtering and analysis, and work with operating system administrators in support of alert/incident response for a major SAP/ERP system.

Responsibilities

• Will use Splunk Enterprise Security in a large enterprise environment and write Splunk scripts for events filtering and analysis
• Work with operating system administrators in support of Alert/Incident response
• Identify communications paths as it relates to alert/incident investigations
• Understand TCP/IP (IPv4, IPv6) along with related protocols and technologies (HTTP, FTP, SSH, NFS, DNS, NTP, FTP, DHCP, SMTP, SSL, etc.)
• Requires understanding of routing protocols, proxies, and firewalls
• Will maintain documentation of processes, procedures and configurations related to maintaining applications
• Requires knowledge of forensics, network analysis, log analysis, systems hardening, encryption technologies, certificates, mobile, and web application security
• Assist in proactively developing security best practices procedures and processes within the security operations team
• Will write situational analyses for high-risk threats and suggest appropriate courses of action for remediation
• Will document all activities during an incident/investigation and provides leadership with status updates during the life cycle of the incident/investigation
• Requires theoretical knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
• The candidate will have the knowledge, skills and abilities required to write scripts (bash, shell, perl, python, etc...) and write regular expressions
• The candidate will have knowledge of Operating System audit events to include Windows and Linux.
• The candidate will have knowledge of Database audit events to include Oracle, MS SQL, Sybase, and HANA.
• The candidate will have hands-on IT experience to include server build, ldap, and an understanding of Encryption Algorithms and PKI authentication implementation.

• The candidate must have an active SECRET security clearance and ability to gain a favorably adjudicated T5 background investigation
• The candidate must have a bachelor's degree in Software Engineering or related field

• The candidate must be certified to meet IAT Level 1 CSWF requirements (i.e.: Isc2's CISSP)
• The candidate must have completed the Splunk Enterprise Security User and/or Splunk Enterprise Security Administrator courses.
• The ideal candidate must have 1 to 3 years of experience
  • Working in a cybersecurity operations environment maintaining the security of enterprise level systems
  • Working as a Systems/Network Administrator
  • As a User or Administrator of a Splunk Enterprise Security (ES) implementation
  • In a Security Operations Center (SOC) environment
  
  
• The candidate must have familiarity with SIEM tools, monitoring tools and automated security assessment tools.

• Must be proficient in Microsoft applications such as Word, Excel, PowerPoint, and Outlook

• Must be capable of performing effectively individually and as part of a team

• Must have effective critical thinking and problem-solving skills
• Must have strong oral and written communication skills
• Must be able to manage time and be on time to meetings

• Experience with Agile and/or DEVSECOPS a plus
• SAP and/or ERP experience a plus