Tier 2 NOSC Analyst

Sev1Tech is looking for a Tier 2 Network Operations and Security Center (NOSC) Analyst to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety.  The program will encompass a wide range of tasks including but not limited to: Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; Field Engineering technical support; and Cloud operations.

To ensure the integrity, security and resiliency of critical operations, we are seeking a Tier 2 NOSC Analyst with diverse backgrounds in cyber security systems operations, analysis and incident response. A strong work ethic, diligent time and attendance, written and verbal communications skills are a must.

Responsibilities include but are not limited to:

• Provide Security Monitoring and Incident Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise
• Conduct Event triage and security investigations for potential threat activity identified within the organization
• Execute deep-dive forensic investigations (host-based and network)
• Identify and implement counter-measures
• Track and report on incident activity to senior management
• Develop advanced analytics and countermeasures to protect critical assets from various cyber threats

• Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
• Three (3 plus) years of experience working in network defense environments
• Strong analytical and technical skills in computer network defense operations
• Ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis
• Prior experience and ability analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents
• Previous hands-on experience with a SIEM platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably Splunk)
• Experience using Swimlane for security automation (e.g., deploying proxy blocks)
• Strong logical/critical thinking abilities, especially analyzing security events (windows event logs, Tanium queries, network traffic, IDS events for malicious intent)
• Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings
• Excellent organizational and attention to details in tracking activities within various Security Operation workflows
• A working knowledge of the various operating systems (e.g., Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, as is working knowledge of network communications and routing protocols (e.g.,TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS)
• Solid understanding of cyber threats and information security in the domains of TTP's, Threat Actors, Campaigns, and Observables
• Familiarity with intrusion detection systems, intrusion analysis, security information event management platforms, endpoint threat detection tools, and security operations ticket management
• Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment
• Shift Requirement: Ability to support coverage requirements for various shifts during holidays and weekends when required
• Shift Requirement: Ability to work greater than 40 hours per week as needed (occasional night and weekend work required) and/or 12-hour shift in a single day

• Ability to obtain a Public Trust clearance

• Certification Requirement: DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC
• Certification Requirement: DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification

• Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
• Familiarity with coding, scripting languages (BASH, Powershell, Python, PERL, RUBY etc.) or software development frameworks (.NET)
• One or more certifications: GCIA, GCIH, GCFA, GCFE, GREM, GISF, GMON, GXPN, CHFI, GNFA, OSCP, OSEE, OSCE, OSWP, CISSP, CCFP, LPT, CHFI, CySA

Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.

Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech

For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com

Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.