- Provide Enterprise ArcSight / SOC (Security Operations Center) system analyst support
- Track incidents, problems, updates and changes in NGA's ticketing system
- Detect, track, document, respond to, and escalate all events and incidents
- Monitor incoming event queues for potential security incidents using ArcSight ESM per operational procedures
- Identify, categorize, prioritize, and investigate correlated events as part of the enterprise cyber event detection team, using all available log sources and collected events (i.e., from firewalls, NGA systems and network devices, web proxies, intrusion detection/protection systems, anti-virus systems, etc.)
- Perform investigation and triage of potential incidents and escalate to NGA CERT according to SOP timelines to be developed.
- Monitor / work off the Enterprise ticket queue (i.e., the SOC queue) for potential event reporting
- Update / reference SOC collaboration tools as necessary for changes to SOC processes and procedures
- Document investigation results, ensuring relevant details are passed to Tier 2 for final event analysis
- Act as the primary point of contact for the inter-agency organizations regarding ArcSight front end and log collections. Create custom SQL queries for particular use cases and data matching criteria and provide formal product results that have been properly analyzed and filtered.
- Act as incident monitoring technical lead, specifically assisting internal organizations with specific needs, including but not limited to:
  - Product development for metric reporting
  - Formulation of report products and analysis
  - Orchestrating collaboration between counterpart organizations to improve processes and procedures.
- Develop SIEM team SOPs and corresponding Work Instructions.
- Assist in formulating device event count statistics for metric reporting capabilities, including ArcSight reporting, data monitors, dashboards and logger saved searches.
- Contribute to daily, weekly, and quarterly project reviews and deliverables.
- Formulate compliance and ad-hoc audit evaluations and technical documentation, abiding by DoD government requirements.
- Point of contact and administrator for critical infrastructure audit testing ArcSight stand-up initiatives.
- Collaborate with external intelligence community affiliates to promote bilateral communications and intelligence sharing, including but not limited to:
  - Restoring organization networking capabilities to full potential.
  - Implementation of joint indicator repositories for the detection of adverse network activity across multiple platforms.
  - Development of bilateral cross-training specific to cyber security tools, processes, and techniques.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. TS/SCI clearance is required.
A Bachelor's degree OR equivalent, relevant technical experience, OR certification in Information Systems Security, Networking, or equivalent. 1-4 years' experience.
Must have ArcSight ESM (Tier 1 Analyst Support) experience. Should also have:
- Understanding of the current and evolving DoD and IC community cyber organizational structure (preferred)
- Strong analytical capability
Strong understanding and application of networking, including:
- Security Information and Event Management
- TCP/IP Protocols/ports
- Infrastructure architecture
- Web Servers
- Web Gateways
- Email Gateways
- Domain Name Systems
- Host Based Security Systems
- Intrusion Prevention Systems
- Intrusion Detection Systems
Knowledge of up-to-date cyber threats and their associated characteristics:
- Active trojan malware infections
</grerr_replace>
<gr_replace lines="43" cat="clarify" orig="- Zero day">
- Zero-day vulnerabilities
- Blackhole redirects
- Zero day vulnerabilities
- Spear Phishing
- Emerging threat vectors
- Working knowledge of network protocols and common services such as DNS, FTP, email, and TCP/ICMP/UDP
- Ability to formulate solid report products that describe incident scenarios, including supporting facts and research, abiding by government standards
- Ability to perform OSINT research, relate the findings to the specific nature of the scenario, and identify the threat, risk, and vulnerabilities