Jr. Cyber Security Engineer with Python scripting experience
Information Technology | Ashburn, VA | Contract
Note:
Mid shift: 11 pm to 7:30 am
MUST HAVE SKILLS:
- Ability to obtain GSA Public Trust clearance
- At least three years of experience in security-related fields including prior SOC experience
- Ability to communicate clearly and concisely in written and oral English
- Experience using a supported Security Incident Event Management (SIEM) for analytics
- Knowledgeable with scripting, parsing, and query development in enterprise SIEM solutions
- Experience in tuning use cases & content, driven by day-to-day optimizations, with understanding
of best practices to ensure adjustments do not cause false negatives
- Experience with documenting processes and procedures as well as training team members on
processes and procedures
- Exceptional problem solving skills
- Ability to drive process improvements and identify gaps
- Proactive in engaging with customers and Verizon management teams
- Thorough understanding of threat landscape and indicators of compromise
- Experience with incident response techniques related to network forensic analysis
- Experience investigating security incidents with SIEMs, use case development/tuning, and
understanding of incident response
- Experience with IPS including analyzing alerts generated by the inspection with consideration to
how signatures are written, and how to identify false positives
- Experience with implementing changes on next generation firewalls including firewall policy &
content inspection configuration (FortiManager, FortiGate, Cisco, Palo Alto, Check Point, etc.)
- Skilled with Linux command line
- Experience with health and availability monitoring; understanding of device logging and ingestion,
network troubleshooting, and device troubleshooting
DESIRED SKILLS:
- Scripting knowledge (e.g. Python, PowerShell, Bash shell, Java, etc.)
- Incident response experience utilizing different SIEMs and industry best practices
- Experience with customer service and supporting service desk functions such as IAM management
JOB DUTIES:
Security Analysts comprise the primary labor force within the Security Operations Center. Tier-2
Security Analysts come from an enterprise background with at least three years’ experience working
in a security-related field, enabling them to undertake a wide variety of tasks across a number of
different platforms. Analysts will handle day-to-day tasks, as well as short-notice ad-hoc work, and
see the tasks through to completion with minimal supervision. Security Analysts provide critical value
to the Security Incident and Event Management (SIEM) workflow, leveraging their extensive
knowledge to provide context to events; recommendations for remediation actions; and suggestions
for implementing best practices and improving standard processes and procedures.
Duties of the Tier-2 Senior Security Analyst include:
- Provide “eyes on glass” near real-time security monitoring in a 24x7 environment by monitoring
security infrastructure and security alarm devices for Indicators of Compromise utilizing a proprietary
SIEM and cybersecurity tools;
- Perform near real-time security monitoring of alerts and escalating critical alerts in compliance with
the service level agreement;
- Detect security incidents and analyze threats for complex and/or escalated security events;
- Respond to customer Requests For Information including using Linux command line skills to query
raw logs for IOCs, answering questions about the MSS infrastructure, and features of the SIEM
including correlation engine while recommending best practices;
- Develop internal and/or external documentation, such as detailed procedures, playbooks, and
runbooks; review and assess reports concerning operational metrics;
- Perform level 2 assessment of incoming alerts (assessing the priority of the alert, determining
severity of alert in respect to customer environment, correlating additional details) and coordinate
with tier III for critical priority incidents, if necessary;
- Perform incident response activities utilizing customer SIEM and cybersecurity toolkits;
- Assist with quality control during onboarding of new customers to verify validity of Use Cases and
generated alerts;
- Utilize the SOC Knowledge Base and provide input on revisions as needed;
EDUCATION/CERTIFICATIONS:
- Required: Bachelor's or higher degree in Computer Science, Information Security, or similar
discipline
- Required: industry certification(s) such as CISSP, SANS GIAC or GCIH, CompTIA Security+,
CCNP-Security, Palo Alto CNSE, Fortinet NSE, CySA+, GCED, CEH, or comparable security-related
certification
LOGISTICS:
- Shift work required, including nights and weekends. Team members work 5x8 hour shifts per week.
The position would start off as a Monday through Friday 7:00 am - 3:30 pm shift while the new hire is
onboarded and trained.