VetJobs
Incident Detection Analyst - Washington DC
VetJobs, Washington, District of Columbia, us, 20022
Incident Detection Analyst - Washington DC
Join to apply for the
Incident Detection Analyst - Washington DC
role at
VetJobs Incident Detection Analyst - Washington DC
1 day ago Be among the first 25 applicants Join to apply for the
Incident Detection Analyst - Washington DC
role at
VetJobs Get AI-powered advice on this job and more exclusive features. Job Description
Job Description
ATTENTION MILITARY AFFILIATED JOB SEEKERS - Our organization works with partner companies to source qualified talent for their open roles. The following position is available to Veterans, Transitioning Military, National Guard and Reserve Members, Military Spouses, Wounded Warriors, and their Caregivers . If you have the required skill set, education requirements, and experience, please click the submit button and follow the next steps. All positions are onsite, unless otherwise stated.
Description:
Tyto Athene is searching for a Incident Detection Analyst to support our customer in Washington, DC.
Hours Of Operation/Shift:
Monday-Friday 3PM EST - 1130PM EST
Responsibilities:
Accurately review, annotate, and resolve security incidents tasked by the Intrusion Detection Team, Watch Officer, SOC management or other SOC teams 24 hours a day, 7 days a week, which is subject to change based on AOUSC needs. Conduct Incident Triage to prioritize newly identified security incidents for follow-on action. Identify all relevant data sources for initial collection to determine prioritization and resource application based on the criticality of the incident. Conduct immediate actions to evaluate and contain threats as necessary in accordance with the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), Incident Response Operations Guide, and any other published SOC operations guides and manuals. Please see SLA SOC3. Perform deep dive analysis (manual and automated) of malicious links and files. Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events. Provide Executive Summary in accordance to IDT Operations Guide. Provide 5W briefing slides for each event for leadership briefing. Provide on demand time/trend/event based metric reports for SOC management. Provide clear and actionable event notifications to customers. Notifications to customers will be clear and provide sufficient detail for a mid-level system or network administrator to understand what has occurred and what needs to take place to remediate the event. Coordinate and provide direct support to local incident responders at the circuit, local court unit and program office levels. Provide notifications, guidance and end to end incident response support to local incident responders to ensure the appropriate actions are properly taken to detect, contain, eradicate and recover from identified security incidents. Coordinate with various other SOC teams to leverage the appropriate resources to enable local incident responders. Participate in course of action (COA) development and execution as necessary. Document all communications and actions taken in response to assigned incidents in the SOC ticketing system. Ensure tickets are properly updated in a timely manner and all artifacts are included. Escalate any concerns or requests through the Contractor management as necessary. Directly support the Judiciary Special Tactics and Active Response (JSTAR) team and provide incident response support for critical security incidents as they arise. Perform appropriate event escalation for events, notifications, and non-responsiveness from customers. Contractors shall track all notifications in the SOC ticketing system and escalate tickets to Watch Officers or SOC management in cases where the customer is non-responsive or requires clarification that is outside the scope of the normal operations. Contractors will be familiar with the JSOCIRP escalation and reporting procedures. Continuously review and update the Incident Handlers (IH) Guide and provide recommendations to annual updates for the JSOCIRP. All SOPs and Op Guides are federal government property. Contract staff provide recommendations in draft form for federal management review, approval and adoption. Incident Responders must be able to perform the tasks and meet the skills, knowledge and abilities as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the role of Cyber Defense Incident Responder
Auto req ID
454097BR
Minimum Education Required
Bachelors
Job_Category
Cybersecurity
Qualifications:
Additional Qualifications/Responsibilities
Required:
6 years of security intrusion detection examination experience involving a range of security technologies that product logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; Ability to communicate clearly both orally and in writing. Working experience with Splunk SIEM. At least three years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments
Education/Certifications:
Bachelor’s degree in information systems, Computer Science or related field is preferred. Splunk Fundamentals I & II certification.
Clearance:
Public Trust
Compensation:
Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
Required:
Certificates/Security Clearances/Other
Splunk Fundamentals I & II certification.
City*
Washington
State*
District of Columbia
Job Code
Cyber_Security IT
Affiliate Sponsor
Tyto Athene
Salary Range
Not Disclosed Seniority level
Seniority level Mid-Senior level Employment type
Employment type Full-time Job function
Job function Management and Manufacturing Referrals increase your chances of interviewing at VetJobs by 2x Sign in to set job alerts for “Incident Analyst” roles.
Washington, DC $110,000.00-$125,000.00 1 month ago Washington, DC $120.00-$125.00 1 month ago Washington, DC $120.00-$125.00 2 months ago Cybersecurity Incident and Application Analyst
Service Desk Analyst III (5+ years exp.)- Fairfax County
Service Desk Analyst II ( 2+ years exp.)- Fairfax County
Washington, DC $124,400.00-$232,700.00 1 week ago Reston, VA $70,000.00-$100,000.00 1 week ago Washington, DC $83,200.00-$106,000.00 2 days ago Washington, DC $80,000.00-$85,000.00 10 hours ago Herndon, VA $80,000.00-$85,000.00 1 day ago We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
Join to apply for the
Incident Detection Analyst - Washington DC
role at
VetJobs Incident Detection Analyst - Washington DC
1 day ago Be among the first 25 applicants Join to apply for the
Incident Detection Analyst - Washington DC
role at
VetJobs Get AI-powered advice on this job and more exclusive features. Job Description
Job Description
ATTENTION MILITARY AFFILIATED JOB SEEKERS - Our organization works with partner companies to source qualified talent for their open roles. The following position is available to Veterans, Transitioning Military, National Guard and Reserve Members, Military Spouses, Wounded Warriors, and their Caregivers . If you have the required skill set, education requirements, and experience, please click the submit button and follow the next steps. All positions are onsite, unless otherwise stated.
Description:
Tyto Athene is searching for a Incident Detection Analyst to support our customer in Washington, DC.
Hours Of Operation/Shift:
Monday-Friday 3PM EST - 1130PM EST
Responsibilities:
Accurately review, annotate, and resolve security incidents tasked by the Intrusion Detection Team, Watch Officer, SOC management or other SOC teams 24 hours a day, 7 days a week, which is subject to change based on AOUSC needs. Conduct Incident Triage to prioritize newly identified security incidents for follow-on action. Identify all relevant data sources for initial collection to determine prioritization and resource application based on the criticality of the incident. Conduct immediate actions to evaluate and contain threats as necessary in accordance with the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), Incident Response Operations Guide, and any other published SOC operations guides and manuals. Please see SLA SOC3. Perform deep dive analysis (manual and automated) of malicious links and files. Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events. Provide Executive Summary in accordance to IDT Operations Guide. Provide 5W briefing slides for each event for leadership briefing. Provide on demand time/trend/event based metric reports for SOC management. Provide clear and actionable event notifications to customers. Notifications to customers will be clear and provide sufficient detail for a mid-level system or network administrator to understand what has occurred and what needs to take place to remediate the event. Coordinate and provide direct support to local incident responders at the circuit, local court unit and program office levels. Provide notifications, guidance and end to end incident response support to local incident responders to ensure the appropriate actions are properly taken to detect, contain, eradicate and recover from identified security incidents. Coordinate with various other SOC teams to leverage the appropriate resources to enable local incident responders. Participate in course of action (COA) development and execution as necessary. Document all communications and actions taken in response to assigned incidents in the SOC ticketing system. Ensure tickets are properly updated in a timely manner and all artifacts are included. Escalate any concerns or requests through the Contractor management as necessary. Directly support the Judiciary Special Tactics and Active Response (JSTAR) team and provide incident response support for critical security incidents as they arise. Perform appropriate event escalation for events, notifications, and non-responsiveness from customers. Contractors shall track all notifications in the SOC ticketing system and escalate tickets to Watch Officers or SOC management in cases where the customer is non-responsive or requires clarification that is outside the scope of the normal operations. Contractors will be familiar with the JSOCIRP escalation and reporting procedures. Continuously review and update the Incident Handlers (IH) Guide and provide recommendations to annual updates for the JSOCIRP. All SOPs and Op Guides are federal government property. Contract staff provide recommendations in draft form for federal management review, approval and adoption. Incident Responders must be able to perform the tasks and meet the skills, knowledge and abilities as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the role of Cyber Defense Incident Responder
Auto req ID
454097BR
Minimum Education Required
Bachelors
Job_Category
Cybersecurity
Qualifications:
Additional Qualifications/Responsibilities
Required:
6 years of security intrusion detection examination experience involving a range of security technologies that product logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; Ability to communicate clearly both orally and in writing. Working experience with Splunk SIEM. At least three years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments
Education/Certifications:
Bachelor’s degree in information systems, Computer Science or related field is preferred. Splunk Fundamentals I & II certification.
Clearance:
Public Trust
Compensation:
Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
Required:
Certificates/Security Clearances/Other
Splunk Fundamentals I & II certification.
City*
Washington
State*
District of Columbia
Job Code
Cyber_Security IT
Affiliate Sponsor
Tyto Athene
Salary Range
Not Disclosed Seniority level
Seniority level Mid-Senior level Employment type
Employment type Full-time Job function
Job function Management and Manufacturing Referrals increase your chances of interviewing at VetJobs by 2x Sign in to set job alerts for “Incident Analyst” roles.
Washington, DC $110,000.00-$125,000.00 1 month ago Washington, DC $120.00-$125.00 1 month ago Washington, DC $120.00-$125.00 2 months ago Cybersecurity Incident and Application Analyst
Service Desk Analyst III (5+ years exp.)- Fairfax County
Service Desk Analyst II ( 2+ years exp.)- Fairfax County
Washington, DC $124,400.00-$232,700.00 1 week ago Reston, VA $70,000.00-$100,000.00 1 week ago Washington, DC $83,200.00-$106,000.00 2 days ago Washington, DC $80,000.00-$85,000.00 10 hours ago Herndon, VA $80,000.00-$85,000.00 1 day ago We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr