Cyber Security Analyst - SOC Support

• Tracks and analyzes activity on servers, endpoints, networks, applications, databases, websites on other technology systems;
• Provides a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident;
• Applies techniques for detecting host and network-based intrusions using intrusion detection technologies;
• Operates security monitoring, investigation, and reporting tools;
• Provides daily operational oversight of incidents and alerting from multiple platforms;
• Creates, manages, and dispatches incident tickets associated with deception detections and alerts;
• Identifies necessary tools or processes to improve the efficacy of the team;
• Receives, analyzes, and responds to alerts, to include after hours, holidays, and weekends during incidents or priority events;
• Coordinates with Managed Security Service Provider(s) to investigate events and incidents;
• Designs and coordinates the build out of the Security Operations Center (SOC) processes and procedures;
• Develops and maintains the SOC framework;
• Provides security reports and metrics;
• Performs incident identification and triage according to NIST standards;
• Assists with annual Security Incident tabletop testing;
• Performs network and host forensics in response to security events and incidents;
• Analyzes malware and other attacker Tactics, Techniques, and Procedures (TTPs) in response to security events and incidents;
• Tracks and analyzes activity on servers, endpoints, networks, applications, databases, websites and other technology systems;
• Provides a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident;
• Builds constructive relationships with internal and external stakeholders, and mentors security operations analysts;
• Provides on-the-job training, mentoring, and guidance/oversight for new and/or junior analysts;
• Performs threat hunts in addition to developing and maintaining threat hunting strategies;
• Maintains understanding of current events, latest threats, and industry trends relating to information security.

• Bachelor's degree in Information Technology, Computer Science, Mathematics, Statistics, Business, Engineering, or management information systems and twenty (20) years of experience is required; OR
• Master's degree in Information Technology, Computer Science, Mathematics, Statistics, Business, Engineering, or management information systems and fifteen (15) years experience is required;
• Active DoD-issued Top Secret with Sensitive Compartmented Information (TS/SCI) Security Clearance is required at start;
• ISACA Certified Information Security Manager (CISM) Certification is required, in addition to one or more of the following technical security certifications:
  • GCIH – GIAC Certified Incident Handler
  • SSOC – GIAC Security Operations Certified
  • GMON – GIAC Continuous Monitoring Certifications
• Ten (10) years’ experience leading and coordinating incident response efforts in relation to information security events, chronologically summarizing incidents and document incident reports, leading analysis, and remediation efforts among various teams within the organization, managing process documentation, providing metrics to leadership, standing up meetings and incident coordinating for information security incidents is required;
• Ability to demonstrate own technical development in one or more of the following areas: Detection, Cyber Intelligence, Monitoring, Analysis;
• Ability to lead and independently triage, analyze, and respond to information security alerts, including decision-making is required;
• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies is required;
• Must demonstrate familiarization with the following tools:
  • Symantec BlueCoat
  • Cyber Ark
  • CounterAct ForeScout
  • McAfee ePO
  • Cisco FirePOwer
  • Sailpoint IdentityIQ
  • RedSeal
  • Impreva SecureSphere
  • RSA Netwitness
  • Tenable.sc
  • Splunk
  • NetworkCritial TAPs
  • Authentic8 Silo
  • Proofpoint
  • CentryLink DDos Protection
• Ability to lead and independently triage, analyze, and respond to information security alerts, including decision-making is required;
• Strong knowledge of information security standards and industry best practices is required;
• Significant experience writing reports and documenting events/incidents/investigations is required;
• An aptitude for learning is also critical for success in this role, as well as a demonstrated ability to adapt to the changing demands of business is required;p
• Strong communication, written skills and a strong customer service orientation are essential for this role.

Established in 1995, Global Business Solutions, LLC (GBSI) offers customers a distinctive blend of information technology capabilities, education and training services, and information assurance solutions. Managed by a team of executive leaders experienced in the field of information technology and training services within the industry and government, GBSI prides itself on exceeding expectations. Our award-winning solutions give clients the support tools needed to successfully deliver in evolving environments with confidence.

GBSI is an affirmative action/equal opportunity employer. All Qualified applicants will receive consideration for employment without regard for race, religion, color, national origin, sex, age, status as a protected veteran, among other things, or status as a qualified individual with a disability.

This Contractor and subcontractor shall abide by the requirements of 41 CFR-60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.

Pay Transparency Nondiscrimination Provision:

GBSI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with GBSI’s legal duty to furnish information.

Drug Free Workplace:
We maintain a drug-free workplace and perform pre-employment substance abuse testing.