We have an immediate opening for a senior Cyber Security Operations Center (SOC) Analyst to support the Navy Enterprise Business Solutions program office. The SOC Analyst will use Splunk Enterprise Security in a large enterprise environment, write Splunk scripts for events filtering and analysis, and work with operating system administrators in support of alert/incident response for a major SAP/ERP system.
Responsibilities
Will use Splunk Enterprise Security in a large enterprise environment and write Splunk scripts for events filtering and analysis
Work with operating system administrators in support of Alert/Incident response
Identify communications paths as they relate to alert/incident investigations
Understand TCP/IP (IPv4, IPv6) along with related protocols and technologies (HTTP, FTP, SSH, NFS, DNS, NTP, DHCP, SMTP, SSL, etc.)
Requires understanding of routing protocols, proxies, and firewalls
Will maintain documentation of processes, procedures and configurations related to maintaining applications
Requires knowledge of forensics, network analysis, log analysis, systems hardening, encryption technologies, certificates, mobile, and web application security
Assist in proactively developing security best practices procedures and processes within the security operations team
Will write situational analyses for high-risk threats and suggest appropriate courses of action for remediation
Will document all activities during an incident/investigation and provide leadership with status updates during the life cycle of the incident/investigation
Requires theoretical knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
The candidate will have the knowledge, skills and abilities required to write scripts (bash, shell, Perl, Python, etc.) and write regular expressions
The candidate will have knowledge of Operating System audit events to include Windows and Linux.
The candidate will have knowledge of Database audit events to include Oracle, MS SQL, Sybase, and HANA.
The candidate will have hands-on IT experience to include server builds, LDAP, and an understanding of encryption algorithms and PKI authentication implementation.
Qualifications
The candidate must have an active SECRET security clearance and ability to gain a favorably adjudicated T5 background investigation
The candidate must have a bachelor's degree in Software Engineering or related field
The candidate must be certified to meet IAT Level 1 CSWF requirements (i.e., ISC2's CISSP)
The candidate must have completed the Splunk Enterprise Security User and/or Splunk Enterprise Security Administrator courses.
The ideal candidate must have 1 to 3 years of experience:
Working in a cybersecurity operations environment maintaining the security of enterprise level systems
Working as a Systems/Network Administrator
As a User or Administrator of a Splunk Enterprise Security (ES) implementation
In a Security Operations Center (SOC) environment
The candidate must have familiarity with SIEM tools, monitoring tools and automated security assessment tools.
Must be proficient in Microsoft applications such as Word, Excel, PowerPoint, and Outlook
Must be capable of performing effectively individually and as part of a team
Must have effective critical thinking and problem-solving skills
Must have strong oral and written communication skills
Must be able to manage time and be on time to meetings