Cyber Incident Handling Analyst
Job description
- Work as a member of the Cyber Incident Response Operations Team to increase the security posture of the customers' network.
- Monitor SIEM platforms for alerts, events, and rules providing insight into malicious activities and/or security posture violations.
- Review intrusion detection system alerts for anomalies that may pose a threat to the customers' network.
- Identify and investigate vulnerabilities, assess exploit potential, and suggest analytics for automation in the SIEM engines.
- Report events through the incident handling process of creating incident tickets for deeper analysis and triage activities.
- Coordinate and distribute directives, vulnerability advisories, and threat advisories to identified consumers.
- Issue triage steps to local touch labor organizations and Army units to mitigate or collect on-site data.
- Perform post-intrusion analysis to determine shortfalls in the incident detection methods.
- Develop unique queries and rules in the SIEM platforms to further detection for first line cyber defenders.
- Monitor the status of the intrusion detection system for proper alert reporting and system status.
- Respond to the higher headquarters on incidents and daily reports.
- Provide daily updates to Defensive Cyber Operations staff on intrusion detection operation and trends of events causing incidents.
- Prepare charts and diagrams to assist in metrics analysis and problem evaluation and submit recommendations for data mining and analytical solutions.
- Draft reports of vulnerabilities to increase customer situational awareness and improve the customers' cyber security posture.
- Assist all sections of the Defensive Cyber Operations team as required in performing analysis and other duties as assigned.
- May perform documentation and vetting of identified vulnerabilities for operational use.
- May prepare and present technical reports and briefings.
- Utilize a solid understanding of networking ports and protocols, their uses, and their potential misuses.
Requirements
- An active, in-scope Top Secret/SCI clearance is required.
- Bachelor's degree in a related discipline plus 3 years, AS plus 7 years, major certification plus 7 years, or 11+ years of specialized experience.
- Must meet DoD 8140 DCWF 531 requirements (B.S., A-150-1980, A-150-1202, A-150-1203, A-150-1250, WSS 011, WSS 012, GCFA, CBROPS, FITSP-O, GISF, CCSP, CEH, Cloud+, GCED, PenTest+, Security+, or GSEC).
- Must meet DoD 8140 DCWF 511 requirements (B.S., M03385G; M10395B; M22385, A-150-1980, A-150-1202, A-150-1203, A-150-1250, A-531-0451, A-531-4421, A-531-1900, WSS 011, DISA-US1377, GFACT, GISF, Cloud+, GCED, PenTest+, Security+, or GSEC).
- Must have one of the following certifications (Cisco CyberOps Professional, GCED, GCFA, GCFE, GCIH, GNFA, DCITA CIRC, FIWE or Offensive Security OSDA).
- Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations.
- Must have a good breadth of knowledge of common ports and protocols of system and network services.
- Experience with packet captures and network packet analysis.
- Experience with intrusion detection systems such as Snort, Suricata, and/or Zeek.
- Experience with SIEM systems such as Splunk and/or ArcSight.
- Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats.
- Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process.
Preferred Qualifications
- Bachelor's degree in Engineering, Computer Science, or Mathematics.
- Experience with writing Snort or Suricata IDS rules.
- Experience with writing complex Splunk SPL queries to correlate lookup tables with event logs to identify anomalies.
- Experience with analyzing packets using Arkime or Wireshark.
- Experience with Microsoft Windows event IDs.
- Experience with Linux audit log analysis.
- Familiarity with Git and VS Code.
- Experience with one or more scripting languages such as PowerShell, Bash, Python.