Security Resolutions Analyst
Tuknik Government Services

Lakewood, Colorado

This job has expired.


Security Resolution Analyst

Position Overview:

The Security Operations Center (SOC) Resolution activity is responsible for monitoring and investigating all anomalous traffic across the agency, remediating malicious traffic and unauthorized software, performing malware forensics, and handling SSA Security Policy violations, in accordance with documented and distributed system security standards. The SOC protects the client's critical assets by anticipating and leading the response to potential computer-related threats and vulnerabilities.

The objective is to ensure the client has suitable personnel and processes in place to properly identify, investigate, and remediate inappropriate and suspicious network behavior within the Enterprise Network. This activity is performed in near real time to mitigate common, new, and unknown threats to the client's Information System Network. The pay for this position is $70,000 to $85,000, based on experience and education.

Shift: 12:30-9pm MDT Thursday through Monday

Certifications:

  • Required ACTIVE cert: CompTIA A+
  • Also, at least one of the following ACTIVE certifications is required:
    • CompTIA Security+
    • CompTIA CySA+
    • CompTIA Network+

Essential Functions, Responsibilities & Duties may include, but are not limited to:

The contractor shall monitor, analyze, and manage the health of the network security operations systems. The contractor shall respond to events by documenting and investigating alerts generated by these systems.
  • Validate alerts from a variety of SSA monitoring technologies, including but not limited to:
    • Intrusion Detection Sensors
    • CAPRS and ServiceNow (SNOW) In-House Ticketing Systems
    • Security Event Manager: Splunk, Tanium / CrowdStrike
    • Command line Antivirus Scans
    • FireEye
  • Respond to and act on tickets opened by lower-level security engineers or SOC analysts in ServiceNow/CAPRS.
  • Utilize various malware removal and remediation tools to investigate, contain, and prevent the spread of malware to other agency devices.
  • Analyze RAM captures for security vulnerabilities. Document findings in ServiceNow/CAPRS.
  • Analyze and verify reported policy violators that are ticketed in ServiceNow.
  • Coordinate with other divisions' technicians as needed to troubleshoot, correct, and eliminate threats.
  • Document all findings and corrective actions in the ticket.
  • Provide technical support, guidance, and recommendations to other divisions' technicians when violations arise.
  • Provide 24/7/365 monitoring and analysis of security event alerts across the enterprise network.
  • Monitor agency systems and daily log events to identify potential security threats. Sources include, but are not limited to, sensor alert logs, firewall logs, content filtering logs, and the Security Event Manager.
  • Utilize email, instant messaging, and other monitoring tools to remain aware of current network threats.
  • Review all incoming alerts, properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.
  • Open a ticket for every potential security threat encountered and investigated during the shift.
  • Analyze all levels of potential security threats and document findings within the agency incident response ticketing platform.
  • Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with previously established Standard Operating Procedures, which will be provided at the start of this subtask.
  • Identify, investigate, and escalate potential security threats to senior technicians residing in the Threat Remediation and Vulnerabilities Branch in accordance with established Standard Operating Procedures.
  • Utilize agency Security Event Manager Software to measure and model traffic, while identifying patterns and ports.
  • Manage the resolution of computer security events that affect the client's information systems through the use of the SOC-provided incident response ticketing system.
  • Use the incident response-ticketing platform to determine and document problem status, resolution, and prevention measures.
  • Produce ad-hoc reports as directed by the task manager.
  • Provide written reports to the SOC Manager detailing all security events related to network security matters and submit these reports according to the procedures and reporting requirements established in the SOPs and guidelines.
  • Prepare monthly reports for insertion into the US-CERT Report.
  • Prepare a monthly report on the status and progress of all current open security incident tickets and ad-hoc assignments.
  • Perform a preliminary analysis of collected data.
  • Investigate Open-Source Threat Intelligence in accordance with established procedures.
  • Identify the need for new intrusion detection signatures and oversee their creation and implementation.

Education:
  • Required ACTIVE cert: CompTIA A+
  • Also, at least one of the following ACTIVE certifications is required:
    • CompTIA Security+
    • CompTIA CySA+
    • CompTIA Network+
  • Additional education considered includes a bachelor's or master's degree in computer science, cybersecurity, or information technology, or advanced certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP).
  • The contractor shall possess a working knowledge of Security Operations and the role such systems play in detecting intrusion attempts.
  • The contractor shall have experience creating custom intrusion signatures to detect specific network traffic anomalies. This requires comprehension of, and experience with, most viruses and worms, which may infiltrate and propagate throughout a large network.
  • The contractor must have experience in populating sensors with newly available signatures when responding to events or management requests.
  • The contractor shall provide potential security threat reporting and tracking by means of the Change Asset Problem Reporting System (CAPRS) and other Incident Response specific support systems, as directed by the task manager.
  • The contractor shall have strong oral presentation skills and the ability to speak English clearly and concisely.
  • The contractors completing this work shall maintain awareness of the latest developments in incident response and the latest threats.

Work Experience, Knowledge, Skills & Abilities:
  • 4+ years of direct network management experience. BS degree preferred.
  • Must be able to obtain a client sponsored Public Trust level of adjudication.
  • Contractors may be required to report for duty during periods of inclement weather and other emergency situations.
  • Supports integration of multiple vendor products into a seamless operation.
  • Support functions may include system testing, diagnostics, performance and tuning, acceptance testing and specialized support for cyber tools.
  • The contractor must possess a working knowledge of Security Operations and the role such systems play in detecting intrusion attempts.
  • They must have experience responding to computer security incidents.
  • This requires comprehension of, and experience with, most viruses and worms that may infiltrate and propagate throughout a large network. Must have experience with Microsoft Windows operating systems (XP and higher), both desktop and server, as well as experience with Solaris (9 and higher), Unix and Linux, and HP-UX.
  • Additionally, networking fundamentals are required to understand how network assets communicate and behave on the network, requiring routing and networking protocols such as IP, FTP, SSH, SSL, Telnet, SMTP, TCP/IP, UDP, Windows SMB, and others.
  • Strong subject matter experience in network characteristics analysis, design of network topologies and site configurations, installation, transition, and cutover of network components.
  • Candidates should have industry experience with these technologies, as SSA Cyber Security staff are responsible for all aspects of securing a large enterprise network.
  • Must also possess the ability to read and analyze device activities in memory captures.

Working Environment & Conditions

This position is primarily indoors, consistent with a standard office position and has a noise level of mostly low to moderate. The incumbent is required to stand; walk; sit; use hands to finger, handle, or feel objects, tools, or controls; reach with hands and arms; talk and hear. The work load may require the incumbent to sit for extended periods of time. The incumbent must be able to read, do simple math calculations and withstand moderate amounts of stress. The incumbent must occasionally lift and/or move up to 25 lbs. Specific vision abilities required by the job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin, age, disability, military/veteran status, marital status, genetic information or any other factor protected by law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits and all other privileges, terms and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or to apply to a position on our website, please contact Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations. This contact information is used for accommodation requests only and cannot be used to inquire on a status of your application.

Eagle Harbor Solutions LLC, an 8(a) certified company, is a wholly owned subsidiary of Koniag, Inc., an Alaska Native Regional Corporation and part of the Koniag Government Services Sector. EHS provides a range of professional services for cyber intelligence and information technologies capabilities to the Federal Government, Civilian, and commercial markets to further the nation's national security and civilian service missions. Eagle Harbor addresses some of our country's most pressing challenges in the areas of Cyber Intelligence, Business Analysis, Emergency Preparedness and Contingency Planning.

EOE Minorities/Female/Protected Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
