Blu Omega
Blu Omega is seeking a SOC Analyst to join our team onsite in Port Hueneme/Ventura County, CA. In this role, you'll work side by side a talented team of Cybersecurity professionals, ensuring the security of our DOD customer.
This role requires an Interim Secret Clearance, at minimum.
Role Description:
This role is responsible for supporting the analysis of all technology devices which may include Operational Technology (OT) and Industrial Control Systems (ICS) within enterprise. This includes analytical analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage.
An ideal candidate for this position will have the following background:
Proactive self-starter who has experience with system administration, Windows and Linux operating systems (OS) mechanics and filesystem structures, disk and memory forensics, commonly abused tools/vectors for persistence, privilege escalation, and lateral movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior, with respect to the environment they are found in. Familiarity with what routine OS activities and common software/user behavior looks like in the context of forensic artifacts or timelines. Familiarity with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint. Experience with the Cyber Kill Chain and defining the entire attack life cycle along with creating detailed reports on how impacts may or have occurred. Responsibilities:
Support client leaders in establishing and managing a Security Operations Center (SOC) to provide a secure environment that facilitates incident response and threat hunting activities. Manage the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices Conduct proactive threat hunts across endpoints, networks, cloud, and other environments to identify indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) of threat actors. Develop and execute hypotheses-driven hunts using a variety of data sources (logs, network traffic, endpoint telemetry, etc.). Analyze suspicious activities and security alerts to determine their nature, scope, and impact. Collaborate with incident response teams to investigate and remediate security incidents. Consume and operationalize threat intelligence feeds to inform hunting activities. Identify emerging threats and recommend countermeasures. Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency Create and refine detection rules, scripts, and automation workflows to improve threat hunting efficiency. Evaluate and implement new tools and technologies to enhance threat hunting capabilities. Conduct comprehensive technical analyses of computer evidence, research and integrate new security tools into the SOC, and synthesize findings into reports for both technical and non-technical audiences Document findings, create detailed reports, and present results to technical and non-technical stakeholders. Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions Qualifications:
At least 3 years of experience in security operations, demonstrating leadership in customer-facing roles Proactive mindset and curiosity to uncover hidden threats Ability to work independently and collaboratively in a fast-paced environment Strong attention to detail and commitment to continuous learning Able to ensure completed collection of artifacts to provided best possible outcome of a case Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, system/application vulnerabilities, and compliance with Department of Defense (DoD) policies and procedures Extensive knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security Center Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across multiple locations Nice to Have:
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS) Strong analytical and troubleshooting skills Proficient in forensics software tool kit (MAGNET) Able to provide expert content development in Splunk Enterprise Security using tstats and data models Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances Experience in other tools and communication languages as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology certification Examples of other certifications include:
DoD 8570 Cyber Security Service Provider (CSSP) or IAT Level II complaint Certified Ethical Hacker (CEH) Certified First Responder (CFR) Computer Hacking Forensic Investigator (CHFI) CompTIA Cyber Security Analyst (CySA+) Global Information Assurance Certification (GIAC) Certifications Network Forensic Analyst (GNFA). Certified Intrusion Analyst (GCIA). Certified Incident Handler (GCIH). Additional certifications at an equivalent may also be considered. Salary Range:
$90K - $130K Our final salary offer will be based on several factors, including depth of technical skills, work experience, education, certifications, and clearance
What Blu Omega Can Offer You:
Competitive benefits including Health Insurance, 401K w/ match, Paid Time Off and more. Results driven culture that embrace our core values Rewarding work contributing to our Nation's mission critical programs
Blu Omega is a Woman Owned Small Business Federal Technology services firm headquartered in Washington DC and supporting clients nationally. We provide Technology solutions for enterprise and government customers. Our team has a past performance in a diverse range of programs including those for Data Management, Cloud/Infrastructure, Software Development and Enterprise Applications.
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
This role requires an Interim Secret Clearance, at minimum.
Role Description:
This role is responsible for supporting the analysis of all technology devices which may include Operational Technology (OT) and Industrial Control Systems (ICS) within enterprise. This includes analytical analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage.
An ideal candidate for this position will have the following background:
Proactive self-starter who has experience with system administration, Windows and Linux operating systems (OS) mechanics and filesystem structures, disk and memory forensics, commonly abused tools/vectors for persistence, privilege escalation, and lateral movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior, with respect to the environment they are found in. Familiarity with what routine OS activities and common software/user behavior looks like in the context of forensic artifacts or timelines. Familiarity with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint. Experience with the Cyber Kill Chain and defining the entire attack life cycle along with creating detailed reports on how impacts may or have occurred. Responsibilities:
Support client leaders in establishing and managing a Security Operations Center (SOC) to provide a secure environment that facilitates incident response and threat hunting activities. Manage the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices Conduct proactive threat hunts across endpoints, networks, cloud, and other environments to identify indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) of threat actors. Develop and execute hypotheses-driven hunts using a variety of data sources (logs, network traffic, endpoint telemetry, etc.). Analyze suspicious activities and security alerts to determine their nature, scope, and impact. Collaborate with incident response teams to investigate and remediate security incidents. Consume and operationalize threat intelligence feeds to inform hunting activities. Identify emerging threats and recommend countermeasures. Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency Create and refine detection rules, scripts, and automation workflows to improve threat hunting efficiency. Evaluate and implement new tools and technologies to enhance threat hunting capabilities. Conduct comprehensive technical analyses of computer evidence, research and integrate new security tools into the SOC, and synthesize findings into reports for both technical and non-technical audiences Document findings, create detailed reports, and present results to technical and non-technical stakeholders. Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions Qualifications:
At least 3 years of experience in security operations, demonstrating leadership in customer-facing roles Proactive mindset and curiosity to uncover hidden threats Ability to work independently and collaboratively in a fast-paced environment Strong attention to detail and commitment to continuous learning Able to ensure completed collection of artifacts to provided best possible outcome of a case Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, system/application vulnerabilities, and compliance with Department of Defense (DoD) policies and procedures Extensive knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security Center Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across multiple locations Nice to Have:
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS) Strong analytical and troubleshooting skills Proficient in forensics software tool kit (MAGNET) Able to provide expert content development in Splunk Enterprise Security using tstats and data models Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances Experience in other tools and communication languages as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology certification Examples of other certifications include:
DoD 8570 Cyber Security Service Provider (CSSP) or IAT Level II complaint Certified Ethical Hacker (CEH) Certified First Responder (CFR) Computer Hacking Forensic Investigator (CHFI) CompTIA Cyber Security Analyst (CySA+) Global Information Assurance Certification (GIAC) Certifications Network Forensic Analyst (GNFA). Certified Intrusion Analyst (GCIA). Certified Incident Handler (GCIH). Additional certifications at an equivalent may also be considered. Salary Range:
$90K - $130K Our final salary offer will be based on several factors, including depth of technical skills, work experience, education, certifications, and clearance
What Blu Omega Can Offer You:
Competitive benefits including Health Insurance, 401K w/ match, Paid Time Off and more. Results driven culture that embrace our core values Rewarding work contributing to our Nation's mission critical programs
Blu Omega is a Woman Owned Small Business Federal Technology services firm headquartered in Washington DC and supporting clients nationally. We provide Technology solutions for enterprise and government customers. Our team has a past performance in a diverse range of programs including those for Data Management, Cloud/Infrastructure, Software Development and Enterprise Applications.
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.