Security Operations Center Analyst - Dallas or Washington DC (R2807)

• Provide Subject Matter Expert (SME) level Monitoring support for the Shield AI network.
• Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
• Protect against and prevent potential cyber security threats and vulnerabilities.
• Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations and related operational events.
• Conduct detailed research to increase awareness and readiness levels of the security operations center.
• Conduct advanced analysis and recommend remediation steps.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Conduct all-source research to determine threat capability and intent.
• Develop and maintain analytical procedures to meet changing requirements.
• Coordinate and respond during significant cyber incidents.
• Develop content for cyber defense tools.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Collect and analyze intrusion artifacts (such as source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

• Bachelors Degree
• Certifications (CYSA)
• Experience with cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
• Expertise in traditional computing technologies architecture, design and security.
• Expertise in planning, implementation and usage of log aggregation and security analysis tools.
• Demonstrated knowledge utilizing native security and logging tools and centralized log aggregation utilizing a variety of methods.
• Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
• Ability to identify remediation steps for cybersecurity events.
• Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
• Strong organizational skills.
• Proven ability to operate in a time sensitive environment. 
• Proven ability to communicate orally and written.
• Proven ability to brief (technical/informational) senior leadership.
• Ability to scope and perform impact analysis on incidents.

• Knowledge of network architecture, design and security.
• Ability to analyze static and dynamic malware analysis tools and techniques.
• Skill in analyzing anomalous code as malicious or benign.
• Knowledge of intersection of both on-prem and cloud-based technologies.
• Knowledge of system design and process methodologies.
• Experience in developing and delivering comprehensive training programs. 
• Experience collaborating with cross functional teams.
• Experience working in the intra agency environment. 
• Ability to communicate technical concepts to executive level leadership.
• Skill in detecting host and network based intrusions via intrusion detection technologies
• Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

#LI-AM1

#LE