11/7/2017 District of Columbia

Requisition Details
Req. Class: IASSV1 : 2-Journeyman
Title: OCTO - Cybersecurity SOC Analyst
Req ID: 519422
Req. Status: Open
Region: District of Columbia
No. of Openings: 1
Start Date: 12/15/2017
No New Submittals After: 11/14/2017
Max Submittals by Vendor per Opening: 2
Worksite Address: 200 I Street SE
Agency Interview Type: In Person
Advanced Technical Screening Required?: No
Existing Incumbent Resource?: No
No. Filled: 0

Requisition Description
Engagement Type: Contract

Short Description:
The SOC Analyst is a tier 2 tech resource responsible for monitoring, detecting, analyzing, remediating, and reporting on cyber events and incidents impacting the tech infrastructure of the District of Columbia. Serves as advanced escalation point.

Complete Description:

Summary
The SOC Analyst is a tier 2 tech resource responsible for monitoring, detecting, analyzing, remediating, and reporting on cyber events and incidents impacting the tech infrastructure of the District of Columbia. Serves as advanced escalation point.

Specific tasks
1. Provide in-depth cybersecurity analysis, and trending of log, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents and make sound recommendations that enable expeditious remediation.
2. Conduct security tool/application (for example, McAfee SIEM) tuning engagements with analysts and engineers to develop/adjust rules and analyst response procedures and reduce false-positives from alerting.
3. Utilize advanced background and experience in information technology and incident response handling to scrutinize escalated cybersecurity events from tier 1 analysts, distinguishing these events from benign activities, and escalating confirmed incidents to the incident response lead.
4. Recognize, create and ingest indicators of compromise (IOCs) for attacker tools, tactics, and procedures into network security tools/applications (for example, McAfee SIEM, Palo Alto content filter, Anomali ThreatStream) to protect the Government of the District of Columbia network.
5. Provide technical analytical guidance to, and quality-proofing of, tier 1 analysts' analytical advisories and assessments prior to release from the SOC.
6. Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
7. Report common and repeat problems (trend analysis) to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of the incident handling process.
8. Respond to inbound requests via phone and other electronic means for technical assistance, and resolve problems independently. Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues.

Minimum qualifications
1. Five years of hands-on operational experience as a cybersecurity analyst/engineer in a security operations center, or equivalent knowledge in areas such as cybersecurity operations, incident analysis and handling, vulnerability management, log analysis, and intrusion detection.
2. In-depth understanding of cybersecurity attack countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, and malicious code activity such as worms, trojans, viruses, etc.
3. In-depth hands-on experience analyzing and responding to security events and incidents with a majority of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, data leak protection (DLP), database activity monitoring (DAM), web content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
4. Excellent interpersonal, organizational, oral, communication and customer service skills.
5. Strong knowledge of cybersecurity attack methodology to include tactics and techniques, and associated countermeasures.
6. Strong knowledge of TCP/IP protocols, services, networking, and experience identifying, analyzing, containing, and eradicating cybersecurity threats.
7. Adept at proactive search of the internet and other sources to identify cybersecurity threat countermeasures, not previously ingested into network security tools/applications, to apply to protect the Government of the District of Columbia network.
8. Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
9. Ability to work effectively in stressful situations.
10. Strong attention to detail.

The ideal candidate will have a technical background with significant previous experience in an enterprise environment with the following:
1. Previous experience leading a SOC team unit responsible for analysis and correlation of cybersecurity event data
2. Skilled in understanding, recognizing, and detecting cybersecurity exploits, vulnerabilities, and intrusions in host and network-based systems
3. Comprehensive knowledge of defense-in-depth principles and network security architecture.
4. Experience with review of raw log files, and data correlation of firewall, network flow, IDS, and system logs.
5. Experience in host forensics.
6. Knowledge of common network tools (e.g., ping, traceroute, nslookup).
7. Comprehensive understanding of network services, Windows/Unix ports, services.
8. Understanding of database structure and queries.

Minimum education/certification requirements
1. Undergraduate degree in computer science, information technology, or related field
2. GCIA, GCED, GPEN, GCIH or similar industry certification desired

This position requires shift work in a 11x5 environment, and the capacity to work evening, overnight, and weekend hours as required. This position does not require a U.S. Government security clearance. On-going travel is not anticipated.

---------------------------------------------

Contract job description
Responsibilities:
1. Determines enterprise information assurance and security standards.
2. Develops and implements information assurance/security standards and procedures.
3. Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers' requirements.
4. Identifies, reports, and resolves security violations.
5. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
6. Supports customers at the highest levels in the development and implementation of doctrine and policies.
7. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
8. Performs analysis, design, and development of security features for system architectures.
9. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers.
10. Designs, develops, engineers, and implements solutions that meet security requirements.
11. Provides integration and implementation of the computer system security solution.
12. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
13. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
14. Ensures that all information systems are functional and secure.

Minimum Education/Certification Requirements: Bachelor's degree in Information Technology or related field or equivalent experience

Client Information
Work Location: OCTO - 200 I Street, SE, Washington DC 20003
Cost Center: OCTO - Office of the Chief Technology Officer

Required/Desired Skills
(Skill; Required/Desired; Amount of Experience)
1. Hands-on operational experience as a cybersecurity analyst/engineer in a security operations center; Required; 5 Years
2. Prior work with cybersecurity attack countermeasures for adversarial activities such as malicious code and DDoS; Required; 2 Years
3. In-depth hands-on experience analyzing and responding to security events and incidents with a security information and event management system; Required; 2 Years
4. Strong knowledge of cybersecurity attack methodology to include tactics and techniques, and associated countermeasures; Required; 2 Years
5. Strong knowledge of TCP/IP protocols, services, networking, and experience identifying, analyzing, containing, and eradicating cybersecurity threats; Required; 2 Years
6. 6-10 yrs developing, maintaining, and recommending enhancements to IS policies/requirements; Required; 6 Years
7. 6-10 yrs performing vulnerability/risk analyses of computer systems/apps; Required; 6 Years
8. 6-10 yrs identifying, reporting, and resolving security violations; Required; 6 Years
9. Bachelor's degree in IT or related field or equivalent experience; Required

Questions
Question 1: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2: Please list candidate's email address that will be used when submitting E-RTR.
Question 3: