Job Title: 80474 - Junior Cybersecurity Operations Analyst
Job Location: McLean VA 22102
Onsite Requirements:
- intrusion detection
- intrusion prevention
- incident response
Job Description:
PROJECT DESCRIPTION:
- The Cybersecurity Operations Unit is seeking a Cybersecurity Operations professional who will support daily technical operations for the unit.
BACKGROUND:
- The Cybersecurity Operations Unit (Cyber Ops Unit) seeks the services of a Contractor to serve as a junior Cybersecurity Operations analyst to work alongside existing Cyber Ops Unit analysts to assist in the daily technical operations of the unit.
- The Contractor shall provide analytical, administrative, and documentation support to enable the daily operations of the unit.
REQUIREMENTS:
- The candidate shall possess the knowledge and skills set forth in the Specialized Cybersecurity and Privacy Support Services BOA, Section H.3.c. for Labor Category 4, Junior Cybersecurity Operations, with the following set of additional knowledge and experience:
- Experience creating reporting and metrics that demonstrate the health and well-being of a cybersecurity program; knowledge of and experience with reporting and visualization tools and dashboarding capabilities such as Splunk, Tableau, PowerApps, or other measurement and reporting tools is highly desirable
- Experience creating impactful and visually appealing reports that communicate their point clearly
- Knowledge and experience with technical writing for computer network defense subjects
- Experience performing all-source threat intelligence analysis to support computer network defense activities
- Experience with computer network defense operations, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic; Splunk experience is highly desirable
- Experience monitoring and defending both local (on-premises) and cloud computing systems, to include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Cisco networking appliances, F5, Bluecoat, Palo Alto, VMware, CrowdStrike, Tenable, FireEye, Gigamon, and other common enterprise security technology providers
- Experience investigating network anomalies and responding to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g., preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)
- While candidates are not required to have these certifications, knowledge should be consistent with that of the following certifications: GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), and/or CompTIA Security+
- Preference will be given to candidates who provide work samples. Redacting client names and/or sensitive information is recommended.
- In lieu of work samples, the candidate must submit 2 narrative descriptions (5-10 sentences each), describing 2 different documentation projects they personally completed.
RESPONSIBILITIES:
The candidate shall provide support that includes, but is not limited to, the following tasks:
- Provide administrative support, including project management, incident management, workflow development, workflow optimization, document development, and more
- Ensure that the team remains on task and is responsive to taskers
- Identify duplicative efforts within the unit and help foster efficiencies
- Attend meetings as required, take meeting notes / minutes, capture action items on behalf of the Cyber Ops Unit, and provide that information back to the team
- Develop ad hoc reports, presentations, and documents as required by the Cyber Ops Unit to support operations
- Support FISMA reporting as needed
- Review reports, presentations, and documents developed by others in the Cyber Ops Unit and provide comments and/or in-line edits at the request of other team members
- Develop / author incident status reports for consumption at various levels within the Board, to include information such as a summary, an explanation of the incident itself, impact to the Board, completed actions, next steps, etc.
- Develop / author recurring quarterly metrics reports on behalf of the Cyber Ops Unit, to include measurements of the various functions within the Cyber Ops Unit; develop messaging that drives leadership awareness and informs decision-making
- Develop / author Situational Reports (SITREPS) for events that are important for broad awareness but may not yet be considered an incident
- Monitor open-source threat intelligence reporting sources for information that is actionable within Board systems; sources might include blogs, reports, articles, etc.; share findings with the Cyber Ops Unit analysts for action, as needed
- Support Cyber Ops Unit analysts in the analysis of log data and potential incidents
- Report on anomalous activity and potential cybersecurity incidents detected and addressed through daily monitoring of security devices and logs
- At the direction of the Federal Cyber Ops Unit analysts, author and implement custom detection content for the Board's perimeter and endpoint security solutions
- Provide advanced analysis and adversary hunting to proactively uncover evidence of adversary presence within the Board's systems and networks
- Perform the duties of a computer network defense operations analyst, including intrusion detection, intrusion prevention, and incident response, to include authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic
- Monitor and defend both local (on-premises) and cloud computing systems in support of the Cyber Ops Unit
- Investigate network anomalies and respond to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g., preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)