Information Security Analyst - I - eTeam Inc.

Job Title: Information Security Analyst / Cyber Security Analyst

Location: Ashburn VA or Cary NC (Hybrid 4 days in a month onsite)

Duration: 12+ Months

Working Model: Hybrid- Tues - Sat schedule once onboarded with the requirement to be in the Cary or Ashburn office 4 days a month typically on Tues and Wed

Description:

JOB DUTIES:

Security Analysts comprise the primary labor force within the Security Operations Center.

Tier-2 Security Analysts come from an enterprise background with at least three years experience working in a security-related field, enabling them to undertake a wide variety of tasks across a number of different platforms.

Analysts will handle day-to-day tasks, as well as short-notice ad-hoc work, and see the tasks through to completion with minimal supervision.

Security Analysts provide critical value to the Security Incident and Event Management (SIEM) workflow, leveraging their extensive knowledge to provide context to events; recommendations for remediation actions; and suggestions for implementing best practices and improving standard processes and procedures.

Duties of the Tier-2 Senior Security Analyst include:

Provide eyes on glass near real-time security monitoring in a 24x7 environment by monitoring security infrastructure and security alarm devices for Indicators of Compromise utilizing a proprietary SIEM and cybersecurity tools;

Perform near real-time security monitoring of alerts and escalating critical alerts in compliance with the service level agreement;

Detect security incidents and analyze threats for complex and/or escalated security events;

Respond to customer Requests For Information including using Linux command line skills to query raw logs for IOCs, answering questions about the MSS infrastructure, and features of the SIEM including correlation engine while recommending best practices;

Develop internal and/or external documentation, such as detailed procedures, playbooks, and runbooks; review and assess reports concerning operational metrics;

Perform level 2 assessment of incoming alerts (assessing the priority of the alert, determining severity of alert in respect to the customer environment, correlating additional details) and coordinate with tier III for critical priority incidents, if necessary;

Perform incident response activities utilizing customer SIEM and cybersecurity toolkits;

Assist with quality control during the onboarding of new customers to verify validity of Use Cases and generated alerts;

Utilize the SOC Knowledge Base and provide input on revisions as needed;

MUST HAVE SKILLS:

• Ability to obtain GSA Public Trust clearance
• At least three years of experience in security-related fields including prior SOC experience
• Ability to communicate clearly and concisely in written and oral English
• Experience using a supported Security Incident Event Management (SIEM) for analytics
• Knowledgeable with scripting, parsing, and query development in enterprise SIEM solutions
• Experience in tuning use cases & content, driven by day optimizations, with an understanding of best practices to ensure adjustments do not cause false negatives
• Experience with documenting processes and procedures as well as training team members on processes and procedures
• Exceptional problem-solving skills
• Ability to drive process improvements and identify gaps
• Proactive in engaging with customers and management teams
• Thorough understanding of the threat landscape and indicators of compromise
• Experience with incident response techniques related to network forensic analysis
• Experience investigating security incidents with SIEMs, use case development/tuning, and understanding of incident response
• Experience with IPS including analyzing alerts generated by the inspection with consideration to

how signatures are written, and how to identify false positives

• Experience with implementing changes on next-generation firewalls including firewall policy &

content inspection configuration (Fortimanager, Fortigate, Cisco, Palo Alto, Checkpoint, etc.)

• Skilled with Linux command line
• Experience with health and availability monitoring; understanding of device logging and ingestion, network troubleshooting, and device troubleshooting

DESIRED SKILLS:

Scripting knowledge in (ie. Python, Powershell, Bash Shell, Java, etc.)

Incident response experience utilizing different SIEMs and industry best practices

Experience with customer service and supporting service desk functions such as IAM management

EDUCATION/CERTIFICATIONS:

• Bachelor or higher degree in Computer Science, Information Security, or similar

Required:

• Industry certification(s) such as CISSP, SANS GIAC or GCIH, CompTIA Security+,
• CCNP-Security, Palo Alto CNSE, Fortinet NSE, CySA+, GCED, CEH, or comparable security-related Certification

LOGISTICS:

• Shift work required, including nights and weekends.

Team members work 5x8-hour shifts per week.

The position would start as a Monday through Friday 7:00 am, - 3:30 pm while the new hire is

onboarded and trained.