For 30 years, clients in the private and public sectors have relied upon SOS International LLC (SOSi) for critical operations in the world's most challenging environments. SOSi is privately held, was founded by its current ownership in 1989, maintains corporate headquarters in Reston, VA, and specializes in providing logistics, construction, training, intelligence, and information technology solutions to the defense, diplomatic, intelligence and law enforcement communities.
All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
5-180918-7823: Network Security Specialist
Location: U.S. - Virginia - Fairfax | Open Date: 6/5/2019
JOB DESCRIPTION
STG, an affiliated company of SOS International LLC (SOSi), is seeking a Network Security Specialist to support the Department of Homeland Security in Fairfax, VA. The selected candidate will perform technical analysis of network activity: monitoring and evaluating network flow data, signature-based IDS events, and full packet capture (PCAP) data; triaging IDS alerts; collecting related data from various network analysis systems; reviewing available open- and closed-source information on related threats and vulnerabilities; and preparing initial summary reports. The analyst will monitor and analyze signature-based IDS alerts and the associated packet (PCAP) data, analyze network flow data for anomalies, correlate reporting with enterprise-wide network activity, and document key event details and analytic findings in an incident management system. Lightweight programming/scripting skills to automate analytics are a plus.
The selected applicant will become part of the United States Computer Emergency Readiness Team (US-CERT), responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. US-CERT provides advanced network and digital media analysis expertise and defends against malicious activity targeting networks within the United States and abroad.
ESSENTIAL JOB DUTIES
* Conduct technical analysis of network traffic to identify anomalies, which may represent potentially malicious activity, and document the analysis in prescribed formats
* Monitor and understand emerging threats on open source, defined as those technical vulnerabilities and exploits that could present a threat to government networks, analyze tools and exploits, and document the analysis in prescribed formats
* Monitor IDS/IPS alerts, analyze associated network traffic, and document the analysis in prescribed formats
* Report detected incidents to agencies, work toward resolution, escalate when required according to SOP
* Development of IDS/IPS signatures based on indicators and analysis
* Testing of IDS/IPS signatures to determine successful detection and level of false positives
* Deployment of IDS/IPS signatures based on SOPs
* Conduct technical analysis of data from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities
* Assist with the development of mitigation strategies
* Coordinate, communicate, and share information with CS&C and NCCIC components
* Deploy to provide on-site support and assistance in the event of an exercise or cyber incident
* Identify and document network-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access
* Participate in inter-agency sponsored community of interest analysis groups, and technical briefings and exchanges
* Assist with developing and maintaining Standard Operating Procedures
* Support the collection and reporting of performance metrics
* Security Clearance: Active Top Secret Security Clearance with SCI eligibility is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
* Education: Bachelor's degree in a cybersecurity-related field
* Certifications: Security+, GCIA, GCIH, GSE, or other related professional certifications
* This position may be filled at multiple grades based on experience: Minimum of 2 years related technical experience for a level 2 role, minimum of 5 years related technical experience for a level 3 role, minimum of 9 years related technical experience for a level 4 role, or minimum of 15 years related technical experience for a level 5 role.
* Advanced skills in developing IDS signatures and ability to conceptualize IDS signatures from otherwise disparate information
* Highly proficient in working with SNORT IDS software
* In-depth understanding of Security Operations Center (SOC)/ Network Operations Center (NOC) operations
* Previous experience managing a SOC/NOC environment highly preferred
* Current DHS Suitability at the SCI level
* Experience working within the Federal government technology community
* Knowledge of cyber policy and issues, the global cyber community, the roles of major organizations and how they interrelate and interact, and the shortcomings in this structure