
Tier 2 SOC Analyst

Anonymous Employer

Yesterday
Top Secret
Mid Level Career (5+ yrs experience)
$100,000 - $125,000
IT - Security
Arlington, VA (On-Site/Office)

The employer is hiring two analysts for shift work, one per shift, Monday to Friday: one analyst covering 1400-2200 and one covering 2200-0600.
The position is in a Network Operations and Security Center (NOSC) whose team monitors security and health alerts for systems on 14 different networks. The ideal candidate will lead the security mission in the NOSC: training junior analysts, reviewing the reports they write, tuning tools for anomaly detection, and producing reports, presentations, and executive summaries.

Key Responsibilities
• Analyze and investigate escalated alerts from Tier 1 analysts using tools such as SIEM, EDR, IDS/IPS, and network monitoring solutions.
• Perform advanced log analysis, PCAP review, and endpoint investigations to determine the nature and scope of threats.
• Lead incident response activities for escalated events, collaborating with Tier 3 analysts for complex or high-severity incidents.
• Prepare detailed incident reports and deliver briefings to internal stakeholders, including senior leadership.
• Collaborate with Tier 3 analysts, system administrators, and other IT teams to implement mitigation strategies.
• Mentor and provide technical guidance to Tier 1 NOSC analysts, including training on incident handling and response procedures.
• Assist in tuning detection tools and developing use cases for anomalous activity detection.
• Develop, update, and maintain comprehensive documentation, ensuring accuracy and alignment with current protocols and best practices.

Required Qualifications
• Prior experience in a Task Lead, Team Lead, or Shift Lead role (or an equivalent title).
• DoD Top Secret clearance with SCI/SAP eligibility is required.
• Incident response / incident handling experience.
• Leadership: the employer is looking for somebody who can lead the technical mission and help train others on technical skillsets for SOC operations.
• 3+ years' proficiency with SIEM platforms (e.g., Splunk) and endpoint detection tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
Certifications:
• DoD 8140 Cyber Incident Responder certification (Security+, CySA+, or equivalent) is required.
• One or more of the following certifications are preferred: GCIH, GCFA, Cloud+, GCSA.

• Strong understanding of network protocols, packet analysis, and tools like Wireshark or Zeek.
• Experience with IDS/IPS/NDR/EDR tools (e.g., Snort, Suricata, Bricata).
• Ability to analyze logs, correlate data, and detect adversary tactics, techniques, and procedures (TTPs).
• Familiarity with threat intelligence frameworks such as MITRE ATT&CK, Cyber Kill Chain, and IOC analysis.
• Basic scripting or automation skills (e.g., Python, PowerShell, Bash) to enhance workflows.
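As an added illustration of the detection use-case development, log correlation, and ATT&CK mapping that the responsibilities and skills above describe, the following Python script is example code written for this page, not the employer's tooling. It parses sshd/syslog-style authentication lines, flags a source address that accumulates a threshold of failed logons followed by a successful one inside a time window (ATT&CK T1110 Brute Force leading to T1078 Valid Accounts), and shows the tuning step a Tier 2 analyst owns: an allowlist that suppresses an authorised vulnerability scanner that would otherwise trip the same rule. Every log line, hostname, IP address, and username is constructed; the threshold, window, and year are assumed parameters.

```python
"""Detection use case: failed-logon burst followed by a success from one source.

Added example, not from the job posting or any employer tooling.  The sshd lines
below are constructed; hostnames, IPs and usernames are made up.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Constructed sample log (not from a real system).  Three sources:
#   203.0.113.45 - five failures across several accounts, then a success -> alert
#   198.51.100.7 - one mistyped password, then a success                 -> benign
#   10.0.0.5     - an authorised scanner that also trips the threshold and
#                  must be tuned out with the allowlist
SAMPLE_LOG = """\
Mar 10 14:02:01 bastion01 sshd[4120]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 10 14:02:03 bastion01 sshd[4120]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar 10 14:02:05 bastion01 sshd[4121]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar 10 14:02:07 bastion01 sshd[4122]: Failed password for jsmith from 203.0.113.45 port 51025 ssh2
Mar 10 14:02:09 bastion01 sshd[4123]: Failed password for jsmith from 203.0.113.45 port 51026 ssh2
Mar 10 14:02:11 bastion01 sshd[4124]: Accepted password for jsmith from 203.0.113.45 port 51027 ssh2
Mar 10 14:02:12 bastion01 sshd[4124]: Connection closed by 203.0.113.45 port 51030 [preauth]
Mar 10 14:05:00 bastion01 sshd[4130]: Failed password for mlee from 198.51.100.7 port 40001 ssh2
Mar 10 14:05:30 bastion01 sshd[4131]: Accepted password for mlee from 198.51.100.7 port 40002 ssh2
Mar 10 14:30:00 bastion01 sshd[4140]: Failed password for svc_scan from 10.0.0.5 port 3001 ssh2
Mar 10 14:30:01 bastion01 sshd[4141]: Failed password for svc_scan from 10.0.0.5 port 3002 ssh2
Mar 10 14:30:02 bastion01 sshd[4142]: Failed password for svc_scan from 10.0.0.5 port 3003 ssh2
Mar 10 14:30:03 bastion01 sshd[4143]: Failed password for svc_scan from 10.0.0.5 port 3004 ssh2
Mar 10 14:30:04 bastion01 sshd[4144]: Failed password for svc_scan from 10.0.0.5 port 3005 ssh2
Mar 10 14:30:06 bastion01 sshd[4145]: Accepted publickey for svc_scan from 10.0.0.5 port 3006 ssh2
"""

# Only authentication outcomes are of interest; other sshd chatter is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class AuthEvent:
    ts: datetime
    host: str
    outcome: str  # "Failed" or "Accepted"
    user: str
    src: str


@dataclass
class Alert:
    src: str
    user: str
    host: str
    failures: int
    first_failure: datetime
    success: datetime
    techniques: tuple = ("T1110", "T1078")  # ATT&CK: Brute Force -> Valid Accounts


def parse_line(line: str, year: int) -> Optional[AuthEvent]:
    """Parse one sshd line; return None for lines that are not auth outcomes."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year and may pad a one-digit day with two spaces.
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return AuthEvent(ts, m["host"], m["outcome"], m["user"], m["src"])


def detect_bruteforce_success(
    lines: Iterable[str],
    threshold: int = 5,              # assumed tuning value
    window: timedelta = timedelta(minutes=5),  # assumed tuning value
    allowlist: frozenset = frozenset(),        # sources tuned out (e.g. scanners)
    year: int = 2025,                          # assumed; syslog omits the year
) -> List[Alert]:
    """Alert when a source logs `threshold` failures inside `window`, then succeeds."""
    events = sorted((e for e in (parse_line(l, year) for l in lines) if e), key=lambda e: e.ts)
    failures = defaultdict(list)  # src -> timestamps of failed logons
    alerts: List[Alert] = []
    for e in events:
        if e.src in allowlist:
            continue
        if e.outcome == "Failed":
            failures[e.src].append(e.ts)
            continue
        # A success: count this source's failures that fall inside the window.
        recent = [t for t in failures[e.src] if e.ts - t <= window]
        if len(recent) >= threshold:
            alerts.append(Alert(e.src, e.user, e.host, len(recent), recent[0], e.ts))
            failures[e.src].clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for label, allow in (("untuned", frozenset()), ("tuned", frozenset({"10.0.0.5"}))):
        for a in detect_bruteforce_success(SAMPLE_LOG.splitlines(), allowlist=allow):
            print(f"[{label}] {a.src} -> {a.user}@{a.host}: {a.failures} failures "
                  f"from {a.first_failure:%H:%M:%S}, success at {a.success:%H:%M:%S}, {a.techniques}")
```

Run untuned, the rule fires twice: once on 203.0.113.45 (a true positive that counts failures across admin, root, and jsmith, so a spray against several accounts is caught as well as a single-account brute force) and once on the scanner at 10.0.0.5. Adding the scanner to the allowlist is the tuning step; the threshold and window are the other two knobs to adjust against the false-positive rate observed on a given network. In a production SIEM the same logic would be a correlation search rather than a script, but the parse, window, threshold, and suppression stages are the same.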