11/7/2017 District of Columbia

Details
Title: OCTO - Cybersecurity SOC Analyst
Req ID: 519422
Region: District of Columbia

Requisition Details
Req. Class: IASSV1 : 2-Journeyman
Title: OCTO - Cybersecurity SOC Analyst
Req. Status: Open
Region: District of Columbia
No. of Openings: 1
Start Date: 12/15/2017
No New Submittals After: 11/14/2017
Max Submittals by Vendor per Opening: 2
Worksite Address: 200 I Street SE
Agency Interview Type: In Person
Advanced Technical Screening Required?: No
Existing Incumbent Resource?: No
No. Filled: 0

Requisition Description
Engagement Type: Contract
Short Description: The SOC Analyst is a tier 2 tech resource responsible for monitoring, detecting, analyzing, remediating, and reporting on cyber events and incidents impacting the tech infrastructure of the District of Columbia. Serves as advanced escalation point.
Complete Description:

Summary
The SOC Analyst is a tier 2 tech resource responsible for monitoring, detecting, analyzing, remediating, and reporting on cyber events and incidents impacting the tech infrastructure of the District of Columbia. Serves as advanced escalation point.

Specific tasks
1. Provide in-depth cybersecurity analysis and trending of log, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents and make sound recommendations that enable expeditious remediation.
2. Conduct security tool/application (for example, McAfee SIEM) tuning engagements with analysts and engineers to develop/adjust rules and analyst


response procedures and reduce false-positives from alerting.
3. Utilize advanced background and experience in information technology and incident response handling to scrutinize escalated cybersecurity events from tier 1 analysts, distinguishing these events from benign activities, and escalating confirmed incidents to the incident response lead.
4. Recognize, create and ingest indicators of compromise (IOCs) for attacker tools, tactics, and procedures into network security tools/applications (for example, McAfee SIEM, Palo Alto content filter, Anomali ThreatStream) to protect the Government of the District of Columbia network.
5. Provide technical analytical guidance to, and quality-proofing of, tier 1 analysts' analytical advisories and assessments prior to release from the SOC.
6. Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
7. Report common and repeat problems (trend analysis) to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of the incident handling process.
8. Respond to inbound requests via phone and other electronic means for technical assistance, and resolve problems independently. Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues.

Minimum qualifications
1. Five years of hands-on operational experience as a cybersecurity analyst/engineer in a security operations center, or equivalent knowledge in areas such as: cybersecurity operations, incident analysis and handling, vulnerability management, log analysis, and intrusion detection.
2. In-depth understanding of cybersecurity attack countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, and malicious code activity such as worms, trojans, viruses, etc.
3. In-depth hands-on experience analyzing and responding to security events and incidents with a majority of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, data leak protection (DLP), database activity monitoring (DAM), web content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
4. Excellent interpersonal, organizational, oral, communication and customer service skills.
5. Strong knowledge of cybersecurity attack methodology, to include tactics and techniques, and associated countermeasures.
6. Strong knowledge of TCP/IP protocols, services, networking, and experience identifying, analyzing, containing, and eradicating cybersecurity threats.
7. Adept at proactive search of the internet and other sources to identify cybersecurity threat countermeasures not previously ingested into network security tools/applications, to apply to protect the Government of the District of Columbia network.
8. Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
9. Ability to work effectively in stressful situations.
10. Strong attention to detail.

The ideal candidate will have a technical background with significant previous experience in an enterprise environment with the following:
1. Previous experience leading a SOC team unit responsible for analysis and correlation of cybersecurity event data.
2. Skilled in understanding, recognizing, and detecting cybersecurity exploits, vulnerabilities, and intrusions in host- and network-based systems.
3. Comprehensive knowledge of defense-in-depth principles and network security architecture.
4. Experience with review of raw log files, and data correlation of firewall, network flow, IDS, and system logs.
5. Experience in host forensics.
6. Knowledge of common network tools (e.g., ping, traceroute, nslookup).
7. Comprehensive understanding of network services, and Windows/Unix ports and services.
8. Understanding of database structure and queries.

Minimum education/certification requirements
1. Undergraduate degree in computer science, information technology, or related field.
2. GCIA, GCED, GPEN, GCIH or similar industry certification desired.

This position requires shift work in an 11x5 environment, and the capacity to work evening, overnight, and weekend hours as required. This position does not require a U.S. Government security clearance. On-going travel is not anticipated.

---------------------------------------------

Contract job description
Responsibilities:
1. Determines enterprise information assurance and security standards.
2. Develops and implements information assurance/security standards and procedures.
3. Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers' requirements.
4. Identifies, reports, and resolves security violations.
5. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
6. Supports customers at the highest levels in the development and implementation of doctrine and policies.
7. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
8. Performs analysis, design, and development of security features for system architectures.
9. Analyzes and defines security requirements for computer systems, which may include mainframes, workstations, and personal computers.
10. Designs, develops, engineers, and implements solutions that meet security requirements.
11. Provides integration and implementation of the computer system security solution.
12. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
13. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
14. Ensures that all information systems are

functional and secure.

Minimum Education/Certification Requirements: Bachelor's degree in Information Technology or related field, or equivalent experience.

Required/Desired Skills

Skill | Required/Desired | Amount of Experience
Hands-On Operational Experience As A Cybersecurity Analyst/Engineer In A Security Operations Center | Required | 5 Years
Prior Work With Cybersecurity Attack Countermeasures For Adversarial Activities Such As Malicious Code and DDOS | Required | 2 Years
In-Depth Hands-On Experience Analyzing And Responding To Security Events And Incidents With A Security Information And Event Management System | Required | 2 Years
Strong knowledge of cybersecurity attack methodology to include tactics and techniques, and associated countermeasures | Required | 2 Years
Strong Knowledge Of TCP/IP Protocols, Services, Networking, And Experience Identifying, Analyzing, Containing, And Eradicating Cybersecurity Threat | Required | 2 Years
6-10 yrs developing, maintaining, and recommending enhancements to IS policies/requirements | Required | 6 Years
6-10 yrs performing vulnerability/risk analyses of computer systems/apps | Required | 6 Years
6-10 yrs identifying, reporting, and resolving security violations | Required | 6 Years
Bachelor's degree in IT or related field or equivalent experience | Required |

Client Information
Work Location: OCTO - 200 I Street, SE, Washington DC 20003
Cost Center: OCTO - Office of the Chief Technology Officer

Questions
Question 1: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2: Please list the candidate's email address that will be used when submitting E-RTR.
Question 3: There are no reimbursable expenses. Do you accept this requirement?