Apply Now

Security Analyst 4B

Durham, NC, USA Req #49
Sunday, September 13, 2020

SOC Analyst 4B


Position Overview:

The Threat Vulnerability and Remediation Branch (TVRB) will be augmenting the existing security remediation processes by adding contractor resources that will be under the direction of the task manager. This task will focus on the removal of security vulnerabilities on the Network and protecting/preventing further dissemination.


TVRB is responsible for investigating all anomalous traffic across the agency and remediating malicious traffic, unauthorized software, network vulnerabilities, compliance issues, malware forensics and Security Policy violations. Currently, the SMRB monitors and detects anomalous activity and then turns the findings over to TVRB for remediation. TVRB also receives security tickets on network vulnerabilities and compliance issues from Enterprise Testing & Web App Security Branch. Division of Security Engineering and Division of Security Applications provide additional security tickets for unauthorized access, policy violations and compliance issues. This task will be used to augment TVRB current under staffing and provide the ability to respond and remediate the various assignments of this branch.


Essential Functions, Responsibilities & Duties may include, but are not limited to:

The contractor shall respond to CAPRS/Resilient tickets, emails, and verbal reports of security vulnerabilities, insider threats, malware forensics and compliance issues. In addition, the contractor shall be responsible for remediating those security vulnerabilities, insider threat, malware forensics and compliance issues. Remediation in this context refers to incident response, awareness, compliance and insider threat.


Validate alerts from a variety of monitoring technologies. These technologies include but are not limited to:

  • Intrusion Detection Sensors

  • CAPRS and Resilient (In-House Ticketing Systems)

  • Security Event Manager

  • Command line Antivirus Scans

  • Splunk

  • Tanium

  • WSInfo

  • FireEye

  • SCCM

  • Data loss prevention process

  • Respond to and act on tickets opened by lower level security engineers or SOC analysts in Resilient/CAPRS.

  • Utilize various malware removal and remediation tools to investigate, contain and prevent the spread of Malware to other agency devices.

  • Assist in the development of tools/scripts in order to respond more effectively to incidents. Tools/scripts will be develop in, Visual Basic, HTML PHP, PowerShell, Python, and other similar programming environments.

  • Develop and document remediation strategies. These strategies will focus on the security issue identified.

  • Coordinate with internal Coordinators on remediation of devices.

  • Determine if other infrastructure is also infected and correct.

  • Analyze RAM captures for security vulnerabilities. Document findings in Resilient/CAPRS.

  • Perform a Deep Dive of the incident and forensically investigate where and when it first came from in accordance with the SOC Standard Operating Procedures and task manager direction.

  • Remain aware of information in the security arena through sources, such as, but not limited to, SANS ISC, US CERT, and NIST.

  • Recognize related occurrences, current trends, and resurgence of historical malware.

  • Recognize and rectify variants of known malware, events, and breaches according to security standards and policy.

  • Analyze data in ticketing systems for all network assets critical vulnerabilities and misconfigurations on the agency’s network using the following tools including but not limited to:

  • Splunk dashboards

  • Various Web Portals and reports

  • MS Access reports

  • IBM Resilient ticketing system

  • Other data sources

  • Identify, troubleshoot, and resolve common patch deployment issues on all agency’s network assets using the following tools, including but not limited to:

  • MS SCCM Web Portal

  • Window System Configurations

  • Active Directory membership

  • IBM Resilient ticketing system

  • Inform device administrators upon detection and at 30, 60 and 90 days for the need to take corrective action via phone, email and ticketing systems, and other communication methods, as directed by management.

  • Follow up on requests for corrective action via all relevant communication methods, and track progress and status using MS Excel spreadsheets, SharePoint/Confluence, Resilient ticketing, and other means, as needs arise.

  • Coordinate with other component’s technicians as needed to troubleshoot/correct vulnerabilities.

  • Provide technical support, guidance, and recommendations to system owners and SOC management, as needed and as required.

  • Analyze and verify reported policy violators that are ticketed in Resilient.

  • Coordinate with other division’s technicians as needed to troubleshoot/correct and eliminate threat.

  • Document all findings and corrective actions in the ticket.

  • Provide technical support, guidance and recommendations to other division’s technicians when violation arise.

Requirements

  • It is critical that the contractor has strong oral presentation skills and the ability to articulate technical terms clearly in English over the telephone and in person.

  • The contractor must possess a working knowledge of Security Operations and the role such systems play in detecting intrusion attempts.

  • They must have experience responding to computer security incidents.

  • This requires comprehension of, and experience with, most viruses and worms that may infiltrate into and propagate throughout a large network.

  • Must have experience with Microsoft Windows Operating Systems (XP and higher) both desktop and server, as well as experience with Solaris (9 and higher), Unix and Linux, and HP-UX.

  • Additionally, networking fundamentals are required to understand how network assets communicate and behave on the network, requiring routing and networking protocols such as IP, FTP, SSH, SSL, Telnet, SMTP, TCP/IP, UDP, Windows SMB, and others.

  • Candidates should have industry experience with these technologies, as SSA Cyber Security staff are responsible for all aspects of securing a large enterprise network.

  • Must also possess the ability to read and analyze device activities in memory captures.

Additionally, contractors must have at least one of the following industry certifications:

CompTIA Security+

CompTIA CySA+

CompTIA Network+



EQUAL OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER. VSE considers candidates regardless of race, color, religion, gender, sexual orientation, gender identity, national origin, disability or veteran status, or any other characteristic protected by law.

*The selected applicant will be subject to a background check and drug testing.

VSE is an Equal Opportunity/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, gender, age, national origin, disability, Protected Veteran status, sexual orientation, or any other characteristic protected by federal, state or local law.

Other details

  • Job Family Operations
  • Job Function Computer Security Specialists
  • Pay Type Salary
  • Durham, NC, USA