SOC Analyst - Drug Enforcement Administration (DEA)
KeenLogic is seeking to hire an Information Security Operation Analyst (SOC Analyst) to join our team at the Drug Enforcement Administration. The Information Security Analyst is responsible for designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information.
This is a full-time position offering Fortune 500-level health, dental, and vision benefits, PTO, 401(k), and life insurance. This is an onsite role with a daily schedule from 10:00 AM to 6:00 PM, based in Merrifield, VA.
About the Role
This is a Security Operations Center (SOC) position focused primarily on cybersecurity incident detection and response. Other primary areas of focus include:
Zero-day events
Utilizing cybersecurity tools to conduct investigations and analysis of events
Utilizing the seven steps of the Incident Response process
All duties support one or more of the following cybersecurity-related functions: information security, SA&A, incident response, cybersecurity, insider threat, computer forensics, vulnerability assessment and management, network data capture, intrusion detection, log management, auditing, security incident and event management (SIEM), and penetration testing.
Personnel assigned to this role will primarily serve on the Operations & Response (O&R) Team and may also support the Vulnerability Assessment and Penetration Test (VAPT) and Engineering teams.
This position also coordinates with the Cybersecurity Services Section and other client divisions, including:
IT Operations
Engineering & Integration
Software Operations
Office of Investigative Technology
Required Qualifications
Must be a U.S. citizen with an active Secret or Top Secret clearance
Must be eligible for a Top Secret clearance if requested
Bachelor's degree from an accredited college or university in one or more of the following disciplines (or equivalent documented formal training):
Computer Science
Information Systems
Engineering
Business
Physical Science
Other technology-related disciplines
6+ years of documented work experience performing any combination of:
Information System Security
Security Assessment & Authorization
Cybersecurity
Computer Forensics
Insider Threat
Preferred Qualifications
CompTIA CySA+ cybersecurity analyst certification
Cybersecurity incident response and detection experience
Experience in cybersecurity event triaging using the seven steps of the Incident Response Process (IRP)
Security Operations Center (SOC) experience
Conducting cyber event investigations to determine root cause and identify true/false positives
Creating rules, thresholds, and policies for cybersecurity tools (IOCs/IOAs)
Verification and validation, containment, eradication, and recovery from incidents
Experience validating hashes, malicious IPs, and URLs
Experience investigating malicious emails and payloads
Requirements analysis, program development, architecture, engineering, integration, and deployment of IT products in an enterprise environment
Ability to create and monitor multiple cybersecurity tool dashboards
Open-source intelligence gathering experience
Threat hunting and vulnerability assessment experience
Knowledge of SIEM tools and query generation
Duties
Perform network security monitoring and incident response for a large organization
Coordinate with other government agencies to record and report incidents
Maintain records of security monitoring and incident response activities using case management and ticketing technologies
Monitor SIEM tools to identify security issues for remediation
Recognize intrusion attempts and compromises through detailed analysis of event data
Communicate alerts regarding intrusions and compromises to networks, applications, and operating systems
Assist with implementation of countermeasures or mitigating controls
Support threat data analysis from classified, proprietary, and open-source resources
Support Team Lead in developing recommendations for changes to Standard Operating Procedures
Monitor and review logs and create new security tool signatures
Perform intrusion detection, log and audit management, vulnerability assessment, compliance management, and security configuration
Install, configure, troubleshoot, and maintain server configurations (hardware and software)
Manage accounts, security devices, patches, access control, and passwords
Analyze collected data to identify vulnerabilities and exploitation potential
Support development of security countermeasures
Identify network and OS vulnerabilities and recommend countermeasures
Support deployment and integration of security tools
Prepare written reports and provide verbal information security briefings
Investigate, monitor, analyze, and report on security incidents
Respond to crisis or urgent situations to mitigate threats
Apply mitigation, preparedness, response, and recovery approaches
Provide incident handling support for detection, analysis, coordination, and response
Actively monitor and remediate unauthorized activities
Monitor intrusion detection sensors and log collection systems
Ensure security systems are operating at maximum performance and availability
Analyze computer security threat information from multiple sources and agencies
Powered by JazzHR
