
ARSIEM Senior SOC Analyst in Arlington, Virginia

ARSIEM is looking for a Senior SOC Analyst. This position is a hybrid of telework and onsite work, with a 2-hour on-site reporting requirement and business/engagement travel as required. The customer sets the onsite schedule based on mission requirements. This job will support one of our Government clients in Arlington, VA.

Responsibilities

  • Assisting Federal team leads with establishing and operating a Security Operations Center responsible for securing a highly dynamic environment supporting Incident Response and Threat Hunting experts

  • Configuring and monitoring the Security Information and Event Management (SIEM) platform for security alerts

  • Scanning and monitoring system vulnerabilities on servers and infrastructure devices using a Threat and Vulnerability security solution; coordinating artifact collection operations

  • Assessing network topology and device configurations, identifying critical security concerns and providing security best practice recommendations

  • Collecting network intrusion artifacts (e.g., PCAP, domains, URIs, certificates) and using discovered data to enable mitigation of potential Computer Network Defense incidents

  • Collecting network device integrity data and analyzing it for signs of tampering or compromise

  • Analyzing identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, and effects on systems and information

  • Characterizing and analyzing artifacts to identify anomalous activity and potential threats to resources

  • Assisting with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions

  • Researching and testing new security tools and products and recommending tools to be implemented in the SOC environment

  • Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer-related evidence

  • Distilling analytic findings into executive summaries and in-depth technical reports

  • Performing event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

Minimum Qualifications

  • BS in Computer Science, Cybersecurity, Computer Engineering or a related degree; or HS Diploma and 10+ years of host/digital forensics and network forensics experience

  • Must demonstrate being a self-starter and give examples of leadership in customer-facing roles

  • 8+ years of directly relevant experience in security operations using leading-edge technologies and industry-standard tools

  • Experience with the analysis and characterization of cyber attacks

  • Skilled in identifying different classes of attacks and attack stages

  • Knowledge of system and application security threats and vulnerabilities

  • In-depth knowledge of CND policies, procedures, and regulations

  • In-depth knowledge and experience of network topologies (DMZs, WANs, etc.) and use of Palo Alto products

  • In-depth knowledge and experience of Wi-Fi networking

  • In-depth knowledge of TCP/IP protocols such as ICMP, HTTP/HTTPS, DNS, SSH, SMTP, and SMB

  • Experience using Elastic SIEM

  • Experience with vulnerability assessment and monitoring tools such as Security Center, Nessus, and Endgame

  • Experience with reconstructing a malicious attack or activity based on network traffic

  • Experience incorporating Threat Intelligence

  • Experience with CrowdStrike, GreyNoise, and Shodan

  • Understanding of MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)

  • Must be able to work collaboratively across physical locations

Preferred Qualifications

  • Proficiency in Elastic SIEM engineering

  • Proficiency with Snort

  • Proficiency with other EDR tools (CrowdStrike, Carbon Black, etc.)

  • Proficiency with network analysis software (e.g., Wireshark)

  • Proficiency with carving and extracting information from PCAP data

  • Proficiency with nontraditional network traffic (e.g., Command and Control)

  • Proficiency in preserving evidence integrity according to standard operating procedures or national standards

  • Proficiency with designing cyber security systems and environments in a Linux environment

  • Proficiency with virtualized environments

  • Proficiency in conducting all-source research

  • GSOM, GSOC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA

Clearance Requirement: This position requires a Secret clearance and the ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability and TS/SCI clearance.

Candidate Referral: Do you know someone who would be GREAT at this role? If you do, ARSIEM has a way for you to earn a bonus through our referral program for persons presenting NEW (not in our resume database) candidates who are successfully placed on one of our projects. The bonus for this position is $5,000, and the referrer is eligible to receive the sum for any applicant we place within 12 months of referral. The bonus is paid after the referred employee reaches 6 months of employment.
