Cyber Security Analyst Senior in Huntsville, AL at General Dynamics Information Technology

Date Posted: 7/3/2020

Job Description

We are looking for a Cyber Security Analyst Sr. to help plan, implement, and maintain a new Security Operations Center (SOC) program. This SOC will be responsible for providing cyber security services to customers. Services include, but are not limited to, Nessus vulnerability scanning and reporting; Juniper SRX firewall auditing and hardening; Juniper Cloud ATP IDS/IPS implementation, maintenance, and monitoring; SIEM implementation, maintenance, and monitoring; interfacing with customers in regard to security events and incidents; and delivering vulnerability reports to customers and stakeholders. The role may also interface with external entities, including law enforcement, intelligence, and other government organizations and agencies.

Overall goal is to help plan, implement, and maintain the SOC related to the following areas:

  • Vulnerability Management – Nessus vulnerability scanning and reporting
  • Splunk (or equivalent SIEM / log aggregation)
  • Juniper ATP Cloud – basic familiarity with IDS and IPS setups
  • Juniper SRX firewall auditing and hardening
  • Experienced Incident Response Team (IR/IRT) troubleshooting, root cause analysis and remediation verification
  • Understanding of basic networking, subnetting, IDS, NAT, ACLs, etc.
  • Delivering vulnerability reports and SIEM reports to customers and stakeholders

Primary Responsibilities:

  • Lead, mentor, and work closely with other SOC staff members
  • Design and implement server and networking infrastructure to provide SOC services
  • Must be willing to lead major incident management process and provide/support SOC leadership while dealing with customer incidents
  • Develop, author, and deliver process improvements for the SOC in order to maintain operational readiness for incident response
  • Work as part of a 24x7x365 team delivering real time proactive monitoring and maintenance of supported security tools
  • Carry out triage on security events, coordinate incidents with SOC staff, network operations, network engineering, systems, and application teams while supporting and updating the incident management process
  • Identify and respond to incidents, to prevent or limit damage to assets, and report incidents
  • Detect and analyze incidents, coordinate activities with other stakeholders for containing, eradicating, and recovering from incidents
  • IDS monitoring and analysis, network traffic and log analysis, prioritization and differentiation between potential intrusion attempts, determination of false alarms, insider threat and APT detection, and malware analysis/forensics

Possible additional responsibilities may include:

  • Provide enterprise-wide management of security incidents across the managed network space, to detect, respond to, and report all computer-related incidents; this includes daily monitoring of information systems, vulnerability remediation, intrusion detection, log reviews, and malware tracking
  • Coordinate all information security incidents, compiled with timeline specifics
  • Coordinate the development of reports from the SIEM, IDS/IPS, and vulnerability scanning
  • Remain up to date with current attack methods and characteristics in order to identify threats and advise on prevention, mitigation and remediation
  • Monitor and report on call volumes, alarm responses, and incident reports to ensure appropriate levels of service are met
  • Partner with IT leadership and teams to support operational issues and prepare for potential incidents
  • Support annual updates of the incident response concept of operations document
  • Support annual incident response tabletop exercises
  • Support and update standard operational procedures (SOPs) for use by all shift personnel
  • Perform other tasks consistent with the goals and objectives of the SOC and customers
  • Development of advanced analytics and countermeasures to protect critical assets

Ideal Qualifications:

  • Bachelor’s degree plus 6 years of relevant work experience, or 10 years of relevant work experience in lieu of a bachelor’s degree
  • Experience writing threat reports or other management level communications
  • Experience with detecting, remediating, and reporting on cyber security events
  • Linux and Windows administration experience
  • Cyber Security experience

Additional Preferred Qualifications:

  • Leadership experience of teams of 5 or more ideally within a SOC
  • Juniper firewall administration
  • Configuration Management - STIG/SCAP compliance baselines for Windows, Mac, Linux
  • Penetration Test Response and Remediation
  • DevSecOps – software development lifecycle security
  • Ansible automation planning and implementation
  • Experience with Nessus vulnerability scanning service
  • Experience with Juniper ATP Cloud and JunOS Space
  • CISSP certification

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.