Network Security Specialist (Cyber Security Operations Support)

Responsibilities Include:

  • Conduct technical analysis of network traffic to identify anomalies, which may represent potentially malicious activity, and document the analysis in prescribed formats

  • Monitor and understand emerging threats reported in open sources, defined as those technical vulnerabilities and exploits that could present a threat to government networks; analyze tools and exploits, and document the analysis in prescribed formats

  • Monitor IDS/IPS alerts, analyze associated network traffic, and document the analysis in prescribed formats

  • Report detected incidents to agencies, work toward resolution, escalate when required according to SOP

  • Develop IDS/IPS signatures based on indicators and analysis

  • Test IDS/IPS signatures to determine successful detection and the level of false positives

  • Deploy IDS/IPS signatures according to SOPs

  • Conduct technical analysis of data from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities

  • Assist with the development of mitigation strategies

  • Coordinate, communicate, and share information with CS&C and NCCIC components

  • Deploy to provide on-site support and assistance in the event of an exercise or cyber incident

  • Identify and document network-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access

  • Participate in inter-agency sponsored community-of-interest analysis groups, technical briefings, and exchanges

  • Assist with developing and maintaining Standard Operating Procedures

  • Support the collection and reporting of performance metrics

Requirements that candidates will be evaluated against:

  • Bachelor’s degree

  • Active TS clearance with ability to receive DHS SCI and EOD (current approved DHS EOD preferred)

  • Advanced skills in developing IDS signatures and ability to conceptualize IDS signatures from otherwise disparate information

  • Highly proficient in working with SNORT IDS software

  • In-depth understanding of SOC/NOC operations

Preferred Qualifications or Skills:

  • DODD 8570 Level II certification (SANS certifications, CISSP)
  • Experience leading and managing within SOC/NOC operations
  • Familiarity with Kill Chain for incident response
  • Familiarity with malware analysis
  • Familiarity with forensics
  • Familiarity with incident response products and best practices
  • Experience with database (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint)
  • Customer service experience
