Security Operations Center Analyst, Senior in Washington, DC at Booz Allen Hamilton Inc.

Date Posted: 5/9/2018

Job Snapshot

Job Description

Job Number: R0027992

Security Operations Center Analyst, Senior

Key Role:

Apply an enterprise-wide set of disciplines for planning, analysis, design and construction of information systems on an enterprise-wide basis or across a major sector of the enterprise. Develop analytical and computational techniques and methodologies for problem solutions. Perform enterprise wide strategic systems planning, business information planning, business and analysis. Perform process and data modeling in support of the planning and analysis efforts using manual and automated tools. Apply reverse engineering and develop migration strategic and planning documents. Provide technical guidance in software engineering techniques and automated support tools, including re-engineering disciplines to develop migration strategic and planning documents. Provide technical guidance in software engineering techniques and automated support tools.


Basic Qualifications:

-7+ years of experience working in a security operation center (SOC) environment

-Experience with configuration and all the SOC tools in the environment, including McAfee Web Gateway, Splunk, Sourcefire, McAfee DLP, RSA Security Analytics, Encase, Varonis and FireEye

-Experience with managing and responding to major incidents, including preparing briefings and situation reports, applying new detection and mitigating strategies, coordinating eradication, conducting lessons learned in meetings, and authoring incident reports for the clients and designated entities

-Experience with writing and preparing all contract deliverable documentation, including standard operating procedures, incident management and operations plans

-Experience with network protection and monitoring tools, including Sourcefire, Splunk, Checkpoint, Sidewinder, Virtual Firewalls, RSA Security Analytics for Network Forensics, Varonis Encase Enterprise, Cisco ISE, Imperva, RSA Archer, Skybox, Qualys, and Fireeye Product Suite

-Ability to obtain a security clearance

-BA or BS degree


Additional Qualifications:

-Experience with developing and implementing new processes and procedures to standardize work in the SOC for analysts, including address customer needs and requirements

-Experience with developing and implementing new security and analysis capabilities increasing the overall success of security operations and incident response activities

-Experience with monitoring and analyzing network alerts using Web traffic, firewall logs, Windows logs, intrusion detection and prevention alert and full packet capture capabilities and determining, if a compromise was successful

-Experience with creating new signatures, content for the intrusion detection system, and protecting the Securities And Exchange Commission (SEC) from new threats to their environment

-Experience with creating detail-oriented cases, and providing clear and concise information for team members and federal staff

-Experience with performing malware analysis in a sandbox environment on new samples of malware that are discovered within the customers environment to find indicators, and persistence mechanisms to develop content for detecting and blocking future compromise attempts

-Experience with performing host-based forensics to detect malicious artifacts, and determining system compromise and threat vectors for incidents


Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.


Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.