Host based Systems Analyst /Senior SOC Analyst

Host-based Systems Analyst /Senior SOC Analyst
Location: Arlington, VA
Must have an active Secret Security Clearance
Node provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide-front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.
Node is seeking a Senior SOC Analyst to support this critical customer mission.
Responsibilities:
- Assisting Federal team leads with establishing and operating a Security Operations Center responsible for securing a highly dynamic environment supporting Incident Response and Threat Hunting experts
- Configuring and monitoring the Security Information and Event Management (SIEM) platform for security alerts.
- Scanning and monitoring system vulnerabilities on servers and infrastructure devices using a Threat and Vulnerability security solution; coordinating artifact collection operations.
- Assesses network topology and device configurations identifying critical security concerns and providing security best practice recommendations
- Collects network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and uses discovered data to enable mitigation of potential Computer Network Defense incidents
- Collects network device integrity data and analyzes for signs of tampering or compromise
- Analyzes identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
- Characterize and analyze artifacts to identify anomalous activity and potential threats to resources
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions
- Research and test new security tools/products and make recommendations for tools to be implemented in the SOC environment
- Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer-related evidence
- Distilling analytic findings into executive summaries and in-depth technical reports
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Requirements
Required Skills:
- U.S. Citizenship
- Must have an active Secret clearance, TS/SCI preferred
- Must be able to obtain DHS Suitability
- Must demonstrate being a self-starter and give examples of leadership in customer-facing roles
- 8+ years of directly relevant experience in security operations using leading-edge technologies and industry-standard tools
- Experience with the analysis and characterization of cyber attacks
- Skilled in identifying different classes of attacks and attack stages
- Knowledge of system and application security threats and vulnerabilities
- In-depth knowledge of CND policies, procedures, and regulations
- In-depth knowledge and experience of network topologies - DMZs, WANs, etc. and use of Palo Alto products
- In-depth knowledge and experience of Wifi networking
- In-depth knowledge of TCP/IP protocols such as ICMP, HTTP/S, DNS, SSH, SMTP, SMB,
- Experience using Elastic SIEM
- Experience with vulnerability assessment and monitoring tools such as Security Center, Nessus, and Endgame
- Experience with reconstructing a malicious attack or activity based on network traffic
- Experience incorporating Threat Intelligence
- Experience with Crowdstike, Gray Noise and Shodan
-Understanding of MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
- Must be able to work collaboratively across physical locations.
Desired Skills:
-Proficiency in Elastic SIEM engineering
-Proficiency with Snort
-Proficiency with other EDR Tools (Crowdstrike, Carbon Black, etc)
-Proficiency with network analysis software (e.g. Wireshark)
-Proficiency with carving and extracting information from PCAP data
-Proficiency with non-traditional network traffic (e.g. Command and Control)
-Proficiency with preserving evidence integrity according to standard operating procedures or national standards
-Proficiency with designing cyber security systems and environments in a Linux
-Proficiency with virtualized environments
-Proficiency in conducting all-source research.
Required Education:
BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics and network forensic experience
Desired Certifications:
- GSOM, GSOC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA
Company Overview:
Node. Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.
Our Core Values help us in our mission. They include:
OUR CORE VALUES
Identifying the~RIGHT PEOPLE~and developing them to their full capabilities
Our customer’s “Mission” is our “Mission”. Our~MISSION FIRST~approach is designed to keep our customers fully engaged while becoming their trusted partner
We believe in~SIMPLIFYING~complex problems with a relentless focus on agile delivery excellence
Our mantra is “~Simple*Secure*Speed~” in the delivery of innovative services and solutions
Benefits
We are proud to offer competitive compensation and benefits packages to include:
Medical
Dental
Vision
Basic Life
Long-Term Disability
Health Saving Account
401K
Three weeks of PTO
10 Paid Holidays
Pre-Approved Online Training