CSOC-Lead Tier 3 Analyst CISO North - (Local Candidates Only)
The primary function of the USPS Threat Detection team is to provide network threat detection, analysis, correlation, and incident response capabilities that maintain and improve the security and resilience of the United States Postal Service (USPS) and its global mail supply chain. CSOC analysts are primarily responsible for actively monitoring the USPS infrastructure and user environment for threats and risks.
ACI Federal is looking for an experienced Tier 3 Cyber Threat Analyst Lead to join and support the 24x7x365 Cyber Security Operations Center (CSOC) customer team working out of Falls Church, Virginia.
Shift available is:
- 8-hour day shifts, Monday - Friday, 7AM - 4PM
CSOC Threat Detection duties include:
- CSOC analysts investigate alerts, events, incidents, anomalies, errors, intrusions, malware, threats and attack vectors to identify, gather and analyze incident-related data, determine the appropriate response, and recommend security improvements where needed
- CSOC analysts determine whether an incident has occurred, analyze the precursors and indicators, look for correlating information, perform research, gather and document evidence, contain the incident, and escalate and report actionable findings to the Client OIG as needed
- CSOC analysts perform proper and efficient analysis of incident-related data using PCAPs, logs from operating systems, services and applications, NetFlow, network-based and host-based devices, and IDPS systems
- CSOC analysts leverage tools and resources such as Splunk, Symantec Bluecoat, ServiceNow, Tanium, RedSeal, Anomali and many more to detect, research, correlate, analyze, document and respond to incidents in accordance with SOPs.
- CSOC analysts use strong logical/critical thinking and problem-solving abilities to detect, correlate and escalate cybersecurity incidents, provide in-depth analysis, utilize case management, SIEM and similar tools, and prepare briefings and reports of findings
- CSOC analysts create, track and resolve tickets resulting from investigating security events and incidents
- Other required skills include a fundamental understanding of computer networking, operating systems and multiple security technologies (Windows Active Directory, network protocols, IDS, IPS, DNS, routers, firewalls, DLP, NetFlow, AV, SIEMs, ATT&CK Matrix/Cyber Kill Chain, etc.)
- Experience or capability to develop queries, data models and dashboards is a plus
- Strong writing skills are very important.
A typical day includes handover meetings at the beginning and end of shifts; analysts begin their day leveraging tools and detecting and analyzing incidents according to SOPs. Tickets are created, tracked, escalated and resolved by analysts. Analysts get an hour break. There are training events to keep analysts at the cutting edge. Analysts work physically out of a SOC. There is continuous collaboration between Threat Detection, Threat Intelligence and USPS law enforcement.
Threat Detection is one of several teams that help secure and maintain the resiliency of the USPS infrastructure.
- Candidate will perform a technical leadership role.
- Candidate must be self-motivated and must take ownership of issues
- Malware Incident Response experience
- Digital forensics identification and analysis experience
- Experienced (5+ years) in information security operations and/or related IT operational functions
- Must possess a minimum of a Bachelor's Degree in Computer Science, Information Technology or Information Security (Master's Degree preferred).
Certifications (one or more desired):
- CompTIA Net+
- CompTIA A+
- CompTIA Security+
- CPTE - Certified Penetration Testing Engineer or CEH - Certified Ethical Hacker