IA Computer Security Associate 3 #3298

Overview

GovCIO is currently hiring for an IA Cyber Security Associate 3. This position will be located in Washington, D.C. and is a hybrid role.

Responsibilities

In support of Intrusion Detection, the Contractor shall perform the following

• Document all incidents and create a clear narrative that supports their conclusions. Providing Tier 1 support and escalating all events to Technical Leads for review before completing event notation to ensure accuracy and completeness. All events requiring High Urgency or JASIRC level handling shall be escalated to the Shift Technical Lead and Federal Watch Officer. Events requiring over 30 minutes of analysis shall be escalated to Incident Responders for further investigation. Please see SLA SOC-2.
• Accurately review, annotate, and resolve events identified for review by our sensors, customers, vendors or partners 24 hours a day, 7 days a week, which is subject to change based on AOUSC needs. The Contractor shall ensure that all incidents are supported with evidence and artifacts derived from analysis. The Contractor shall draft an email notification to AO and U.S. Court customers for review and release by Tier 2 incident responders.
• Provide clear and actionable event notifications to customers. Notifications to customers must provide enough detail for a mid-level system or network administrator to understand what has occurred and what needs to take place to remediate the event.
• Immediately respond to all events identified and provide clearly documented analysis. Identification of events may come from, but is not limited to, the current SIEM system, Security Sensor Management Consoles, Security Operations Center (SOC) Email Accounts, Tasks assigned through the Current Incident Ticketing System or SOC phone line. The Contractors will document all findings within the current SIEM and ticketing system in use and follow annotation procedures and documentation standards provided in the IDT Operations Guide and the JSOCIRP.
• Create a ticket in the AO SOC ticketing system for tracking and escalation purposes where a specific action is required for an event. Specific actions for events will be taken in accordance with the guidelines outlined in the “IDT Operations Guide”, The JSOCIRP or other published Standard Operating Procedures.
• Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events.
• Perform ad-hoc analysis of events in the current SIEM and other SOC tools looking for malicious activity and other security related events that were not identified by the automated processes.
• Provide an immediate response to all customer inquiries and information requests. For tracking and metrics purposes, all interactions with customers will be recorded in the current ticketing system as soon as the incident is reported. All communications will take place in accordance with the guidelines as set out in the outside communication section of the “IDT Operations Guide” and the JSOCIRP, which will be provided upon task order award.
• Perform appropriate escalations for events, notifications, and non-responsiveness from customers. Contractors shall track all notifications and escalate tickets to Watch Officers or SOC management in cases where the customer is non-responsive or requires clarification that is outside the scope of the normal operations. Contractors shall be familiar with the JSOCIRP escalation and reporting procedures.
• Provide analytics capabilities with respect to threat event data for visualization and trend analysis. Analytics capabilities include:
• Identify, retrieve and report on specific SOC data
• Utilize visualization tools permitting the identification of trends in event data
• Enable users to display, sort, filter, and query data contained in event records of all types.
• Export record and analysis data in a variety of ways, including but not limited to, screen, printer, e-mail, text, HTML, Adobe PDF, and MS Excel

Qualifications

Experience Requirements-

• 6 years of security intrusion detection examination experience involving a range of security technologies that product logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; the ability to communicate clearly both orally and in writing. Working experience with Splunk SIEM.
• At least three years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments.

Education//Certifications-

Bachelor’s Degree in Information Systems, Computer Science or related field is preferred. // Splunk Fundamentals I & II certification or Equivalent.

Work Schedule: Monday -Friday - 2^nd Shift, 3:00pm - 11:30pm.

Hybrid:  Monday-Thursday - Onsite, Friday - Remote

Clearance - Must be able to obtain a Public Trust

Company Overview

GovCIO is a team of transformers--people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.

But we can't do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer?

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.

Posted Pay Range

The posted pay range, if referenced, reflects the range expected for this position at the commencement of employment, however, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, education, experience, and internal equity. The total compensation package for this position may also include other compensation elements, to be discussed during the hiring process. If hired, employee will be in an “at-will position” and the GovCIO reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, GovCIO or individual department/team performance, and market factors.

Pay range: $125,000 - $135,000 Annually