US Government, Department of the Navy
- Full Time
This is a public notice flyer to notify interested applicants of anticipated vacancies. Applications will not be accepted through this flyer. Interested applicants must follow the directions in the “How to Apply” section of this flyer to be considered. There may or may not be actual vacancies filled from this flyer. Notice of Result letters will not be sent to applicants who respond to this flyer. *SEE ADDITIONAL INFORMATION SECTION FOR JOB SUMMARY CONTINUATION.
For more details on elgibility, requirements, and evaluation. Please click “Apply Now”, which will take you to the US Gov job platform.
Job Grade: 13
Total Openings: 1
You will perform Shift Work (rotating) in a high OPTEMPO SOC.
You will monitor, protect, and defend the enterprise against malicious network traffic, ongoing and emerging threats.
You will utilize state of the art technologies such as host analysis, Endpoint Detection and Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt.
and investigative activity to examine endpoint and network-based data.
You will conduct analysis, host and network, forensics, log analysis, and triage in support of incident response.
You will recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
You will develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
You will lead response activities and mentor junior staff.
You will work with key stakeholders to implement remediation plans in response to incidents.
You will effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership.
You will author Standard Operating Procedures (SOPs) and training documentation when needed.
You will generate end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
You will perform other duties as assigned.
Applicant must have directly applicable experience that demonstrates the possession of knowledge, skills, abilities, and competencies necessary for immediate success in the position. Qualifying experience may have been acquired in any public or private sector job, but will clearly demonstrate past experience in the application of the particular competencies or knowledge, skills and abilities necessary to successfully perform the duties of the position. Such experience is typically in or directly related to the work of the position to be filled. Qualifying experience would be demonstrated by: 5 (+) years in an SOC Analyst or Incident Responder/Handler role Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2 The ability to take lead on incident research when appropriate and be able to mentor junior analysts Advanced knowledge of TCP/IP protocols Knowledge of Windows, Linux operating systems Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or ArcSight experience Deep packet and log analysis Some Forensic and Malware Analysis preferred Cyber Threat and Intelligence gathering and analysis Bachelor’s degree or equivalent experience Knowledge and experience with scripting and programming are also highly preferred Desirable certifications include, but are not limited to: GCIH, GCIA, GCFE, GREM, GCFA, GSEC Security + CEH, CISSP, CCNA (Security) or equivalent Certifications. CySA+ This position is within the Work Category Professional at Work Level Full Performance, Series and Grade GG-2210-13. Additional qualification information can be found from the following Office of Personnel Management website:https://dodcio.defense.gov/Cyber-Workforce/CES.aspx Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., professional, philanthropic, religious, spiritual, community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. SPECIFIC DUTIES OF POSITION: Performs as the Security Operations Center Tier III Senior Analyst: The incumbent is responsible for working within the SOC section while coordinating efforts with the SOC Operations, Digital Forensics Incident Response Team, DCO Engineers, Threat Intelligence, and Threat Hunt Teams. Major duties include implementing a comprehensive defensive cyberspace operations strategy to enable cyberspace options aligned to command priorities-the incumbent reports directly to the SOC Analyst Deputy. The incumbent will, directly and indirectly, coordinate with the Blue and Gray Space sections, Data Scientists, and Capability Developers regularly. The incumbent ensures that verification, validation, and accreditation for all SOC systems and projects follow the current DoD, USCYBERCOM, JMOC-E, NSA, Joint Capability Access Platform (JCAP) office, and other JMOC-Local DCO directorates and JMOC guidance. Serves as an advocate for all disciplines within the security program, including developing and subsequent enforcement of the organization’s security awareness programs, business continuity and incident response plans, and all governmental compliance issues. Oversees and maintains regulatory requirements and reviews changes for security implications and security applications. The incumbent will utilize client-monitoring consoles to monitor tools supplied by the client remotely. Basic and advanced correlation and investigation are to be performed using provided tools and using other approved network services. Perform event correlation using information gathered from various sources within the designated networks to detect, identify, and alert possible attacks/intrusions anomalous activities and misuse activities and distinguish these incidents and events from benign activities. Event correlation sources may include, but are not limited to: SIEM, Endpoint Detection and Response tools, endpoint system logs, and network traffic logs. Articulate anomalous behavior in these information sources to team members. Determine tactics, techniques, and procedures (TTP) employed by known advanced persistent threats. Document and submit configuration changes to correct identified computing environment vulnerabilities. The primary and advanced correlation and investigation are performed using the client-provided tools and other approved network services. The SOC Analyst is responsible for monitoring client security detection devices to detect potential attacks as they occur and provide information on previous malicious network attacks, performing triage on events reported by various detection devices to filter out false positives and known, accepted activities, analyzes data in response to incidents, events, threats, or malicious activity occurring at the systems or network level. Technical and Analytical Expertise: Coordinates and implements database designs and modifications of design characteristics at the systems/network level. The incumbent must provide analytical and evaluation methods and techniques to perform substantively professional or analytical work assignments independently. Possess the ability to analyze and articulate functional requirements and standards. Mastery of system testing and evaluation principles, methods, and tools to test the functionality of security controls and optimize the deployment of such controls and system operations. Intimate knowledge of Internet technologies to analyze potential threats and recommend solutions that provide security controls while enhancing networked systems’ capabilities. Mastery of new and emerging technologies and trends in the security industry to evaluate, provide guidance, and recommend adopting new or enhanced security controls and processes-related, knowledge of network security architecture, including the application of Defense-in-Depth principles. This type of analytical work involves many different and unrelated variables, processes, and methods to analyze substantive mission-oriented programs. Work is complicated due to continuing changes in information programs, technological developments, and conflicting requirements. The position is involved in several different processes, including a preliminary assessment of projects for security management purposes. Although established practices exist, there are often significant departures from these practices because of various requirements to preserve the security program’s integrity. The incumbent requires skills in engineering new ways to enhance network and network systems by using network management tools, collecting statistics on the various systems, and collecting, maintaining, and evaluating historical records. Assignments involve broad network requirements. The incumbents’ position require a wide variety of methods to evaluate alternatives and arrive at decisions or recommendations. The work typically involves engineering, testing, evaluating, and introducing new techniques and technology. The incumbent interfaces directly with a wide variety of Uniformed Service Personnel and Government Civilian specialists on these various data and communications systems. Assignments often involve several phases taking place simultaneously. The work involves coordinating the various integrated technical aspects of network telecommunication systems and other information processing technologies, including the analysis of moderate difficulty relating to hardware and software. The incumbent must identify problems and issues, exercise judgment in applying and adapting general guidelines to specific situations, and internal and external customers with various duties.