SOC Tier 1 Technician (Greenbelt, MD)
The Tier 1 Security Operations Center Analyst will possess experience with network, endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure; has analyzed phishing emails including email headers, malware, source code, acts as a first responder to account/system attacks and compromises to determine threat vectors and provide initial remediation; uses SIEM to monitor/analyze incidents, and works with stakeholders to resolve incidents; ; escalates incidents when necessary using policies and procedures, closely involved in developing, tuning and implementing threat detection analytics.
Duties and Responsibilities:
-Act as network incident first responder for a 24/7 staffed SOC, reviewing and verifying system alerts.
-Assist with the development of incident response plans, workflows, and SOPs.
-Maintain security sensors and tools.
-Monitor security sensors and review logs to identify intrusions.
-Escalate security incidents using established policies and procedures.
-Uses tools and techniques to perform initial extraction, de-obfuscation, or other manipulation of malware related data.
-Perform initial analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available.
-Work directly with cyber threat intelligence analysts to convert intelligence into useful detection.
-Collaborate with incident response team to rapidly build detection rules as needed.
-Identify incident root cause and take proactive mitigation steps.
-Perform lessons learned activities.
-Review vulnerabilities and track resolution.
-Review and process threat intel reports.
-Implement detection use cases.
-Implement IDS signatures.
-Assist with incident response efforts.
-Provide critical information for customer report briefs.
-Participate in customer security assessments.
-Participate in table top exercises.
-BS Degree and 3-4 years of prior relevant experience or Masters with 1 year of prior relevant experience.
-Basic, yet experienced knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS).
-Basic, yet experienced technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures.
-Basic, yet experienced knowledge of encryption, key management and cryptology.
-Familiarity with the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800- 35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines.
-Basic, yet experienced in performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation.
-Basic, yet experience with planning and implementing secure networking practices such as: application segmentation, network segmentation, NAC and other access control testing/validation, updating access control SOPs.
-Understanding of configurations and experience with an enterprise SIEM solution including signature tuning, development of correlation rules, reports, and alarms.
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. The company’s diverse employees support vital missions for government and commercial customers. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an Equal Opportunity Employer.