Senior SOC Analyst

Work Location: Hybrid: remote AND at least two days per week in GSA, Washington, DC.

Requirements

A Senior Security Operations Center (SOC) Analyst/Cybersecurity Engineer ("Senior SOC Analyst") to be part of the Presidential Transition Team Program for the General Services Administration (GSA). This position will provide hands-on expertise in support of the NOC/SOC, PTT IRT, and Cloud Architecture Team, including monitoring, reporting, threat intelligence, threat hunting and incident response. This position will partner with the M365, Intune, and Citrix engineering teams in the design and review of projects with respect to the implementation of security requirements (e.g., logging, authentication, alerting). The primary responsibility of this position will be the administration of Continuous Diagnostics and Mitigation (CDM) tools, including Qualys and CrowdStrike. Experience with integration of ServiceNow with CDM tools (Qualys) for the purpose of automation and reporting is highly desirable but not required. The candidate should also have experience with the deployment and administration of Endpoint Detection and Response (EDR) systems, including CrowdStrike Falcon. The engineer should have experience conducting regular audits to ensure security controls such as CrowdStrike and our Qualys vulnerability software are functioning as expected. In addition to audits, this position will test for vulnerabilities by conducting regular scans of networks using the Qualys vulnerability scanning platform, and will work with third-party vendors during annual security assessments and testing. Knowledge of how to set up Qualys Patch Management (PM) will be essential, as the engineer will have to scan for vulnerabilities and then work to patch them, meeting with the engineers in the different groups to get this accomplished. This is a highly technical role that requires a solid understanding of security systems, capabilities, and best practices.

As part of a growing team, this role will have the ability to leverage and work with new capabilities as they are deployed, including working with groups that will be doing penetration testing, tabletop exercises, and data loss prevention (DLP). This role is expected to contribute to maturing the overall IR and security capability through experience and recommendations at every level of security. The engineer will be asked to develop Standard Operating Procedures (SOPs) so that others can be trained to perform the assigned job duties and tasks.

Responsibilities

- Roll out Policy Compliance in Qualys for in-scope technologies, aligning to CIS benchmarks.
- Facilitate the patch management of all vulnerabilities within the network utilizing Qualys PM.
- Fine-tune controls within Qualys to meet the client standards.
- Analyze the differences in Qualys CIDs between the DISA STIG and CIS frameworks, articulate the differences to stakeholders, and work with the technology owners to get them to comply with the agreed-upon baselines.
- Utilize Qualys TotalCloud to perform Infrastructure as Code (IaC) scanning in Azure (Terraform).
- Provide Qualys SME advisory.
- Execute weekly BAU activities as directed by the client.
- Extensive experience configuring, managing, and troubleshooting the Qualys VM, PC, Web Application Scanner, and Container Security modules.
- In-depth knowledge of Qualys dashboarding, reporting and data analysis functionalities.
- Experience with Qualys APIs for automation and integration purposes.
- Create reports in CrowdStrike for daily and weekly delivery.
- Troubleshoot and remediate findings from CrowdStrike Falcon, working with support engineers to resolve all findings.
- Demonstrate a strong understanding of large-scale information technology systems, business processes, security regulatory risk management and security vulnerabilities.
- Understand clients' business environment and IT risk management approaches.
- Compose and deliver executive-level reports, presentations, and after action reports (AAR) to key stakeholders.
- Provide relevant, strategic recommendations to help improve the security posture of the organization during and after an incident.
- Analyze emerging threats to improve and maintain the detection and response capabilities of the organization.
- SIEM and XDR detections.
- Security orchestration, automation, and response (SOAR) playbook development.
- Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threat.
- Communicate clearly and concisely with managers and colleagues.

Qualifications

5 years with BS/BA; HS Diploma and 10 years' experience.

Basic Qualifications

- U.S. citizenship.
- 5+ years of related systems security engineering experience, primarily in the federal government environment, dealing with business-critical, high-availability systems.
- 5+ years of SOC or cybersecurity-related experience.
- 3+ years of experience with a SIEM tool, preferably Splunk.
- Experience with Splunk dashboards, Azure Monitor and Microsoft Sentinel.
- 4+ years of experience querying and manipulating data, including 2+ years' experience with SPL (required), with knowledge of data types, conditions, and regular expressions.
- Expert in SPL or a related query language.
- Hands-on experience with JIRA, Qualys and Terraform (Azure).
- Expert in data analytics and log analysis; adept at extracting insights from diverse datasets.
- Ability to identify patterns, anomalies, and indicators of compromise in large datasets.
- Strong problem-solving skills and the ability to think critically under pressure.
- Understanding of system, network, and application security threats and vulnerabilities, with the ability to establish monitoring solutions.
- Understanding of Boolean logic and event correlation.
- Knowledge of host-based logs such as Windows and Linux.
- Ability to identify logging and monitoring requirements/gaps.
- Knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors.
- Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow.
- Security+ CE or other 8570 IAT Level II certification.
- Knowledge and experience applying cybersecurity specifications, including familiarity with the Risk Management Framework (RMF) and compliance with NIST standards such as NIST SP 800-53.

Preferred Qualifications

- Data normalization with Splunk using/creating field aliases, calculated fields, and field extractions.
- Certified Splunk Power User or higher.
- Understanding of MITRE ATT&CK and TTPs.
- Knowledge of cloud security.
- Knowledge of system administration, networking, and operating system hardening techniques.
- Knowledge of Web Application Firewall (WAF) security protections.
- Knowledge and experience with monitoring of web applications.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.

Target Salary Range

$104,000 - $166,000. This represents the typical salary range for this position based on experience and other factors.