
Security Operations Center Analyst, Senior
Washington, DC


Job Description


The Challenge:

Everyone knows security needs to be "baked in" to a system architecture, but you actually know how to bake it in. You can identify and implement ways to harden systems and reduce their attack surface. What if you could use your Cyber engineering skills to design and build secure systems for various federal government agencies? We're looking for an analyst who can create solutions that will stand up to even the most advanced Cyber threats.

As a Security Operations Analyst, Senior on our project, you'll apply a broad understanding of monitoring, analyzing, detecting, and responding to Cyber events and incidents within information systems and networks. You'll coordinate work with in-house teams and client leadership to identify the right mix of tools and techniques to translate your customer's IT needs and future goals into a plan that will enable secure and effective solutions. We need to come up with the best solution, so you'll investigate new techniques, break free from the legacy model, and go where the industry is going. You'll lead the team through a critical approach to network design, providing alternatives and customizing solutions, to maintain a balance of security and mission needs. This is a chance to make a difference in the security of network traffic. Your technical expertise will be vital as you help customers overcome their most difficult challenges by integrating secure practices like preparing briefings and situation reports, applying new detection and mitigating strategies, coordinating eradication, conducting lessons learned in meetings, and authoring incident reports for the clients and designated entities. You'll be able to broaden your skillset into multiple platforms including Sourcefire, Splunk, Checkpoint, Sidewinder, Virtual Firewalls, RSA Security Analytics for Network Forensics, Varonis Encase Enterprise, Cisco ISE, Imperva, RSA Archer, Skybox, Qualys, and FireEye Product Suite while building peace of mind in a critical infrastructure. Join our team, as we improve malicious threats through Cyber security.

Empower change with us.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people: that's Booz Allen Cyber. When you join Booz Allen, we'll help you develop the career you want.

Competitions - From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we've got plenty of chances for you to show off your skills.

Paid Research - Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University - CyberU has more than 5000 instructor-led and self-paced Cyber courses, a free online library that you can access from just about anywhere, including your phone, and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships - In addition to our tuition reimbursement benefit, we've partnered with University of Maryland University College to offer two graduate certificate programs in Cybersecurity, fully funded without a tuition cap.

Maker/Hackerspaces - Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

You Have:

* 7+ years of experience working in a security operations center (SOC) environment
* Experience with configuration and all the SOC tools in the environment, including McAfee Web Gateway, Splunk, Sourcefire, McAfee DLP, RSA Security Analytics, Encase, Varonis and FireEye
* Experience with managing and responding to major incidents, including preparing briefings and situation reports, applying new detection and mitigating strategies, coordinating eradication, conducting lessons learned in meetings, and authoring incident reports for the clients and designated entities
* Experience with writing and preparing all contract deliverable documentation, including standard operating procedures, incident management and operations plans
* Experience with network protection and monitoring tools, including Sourcefire, Splunk, Checkpoint, Sidewinder, Virtual Firewalls, RSA Security Analytics for Network Forensics, Varonis Encase Enterprise, Cisco ISE, Imperva, RSA Archer, Skybox, Qualys, and FireEye Product Suite
* Ability to obtain a security clearance
* Ability to work night-shift and weekend shifts
* BA or BS degree

Nice If You Have:

* Experience with developing and implementing new processes and procedures to standardize work in the SOC for analysts, including addressing customer needs and requirements
* Experience with developing and implementing new security and analysis capabilities increasing the overall success of security operations and incident response activities
* Experience with monitoring and analyzing network alerts using Web traffic, firewall logs, Windows logs, intrusion detection and prevention alert and full packet capture capabilities, and determining if a compromise was successful
* Experience with creating new signatures, content for the intrusion detection system, and protecting the Securities and Exchange Commission (SEC) from new threats to their environment
* Experience with creating detail-oriented cases, and providing clear and concise information for team members and federal staff
* Experience with performing malware analysis in a sandbox environment on new samples of malware that are discovered within the customer's environment to find indicators and persistence mechanisms to develop content for detecting and blocking future compromise attempts
* Experience with performing host-based forensics to detect malicious artifacts, and determining system compromise and threat vectors for incidents

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We're an EOE that empowers our people (no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic) to fearlessly drive change.
