Security Operations Analyst
TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology (IT) and professional services to Federal and State agencies. TISTA is an Inc. 500 company, a recipient of the 2010 Top 100 Service-Disabled Veteran-Owned Businesses from Diversity Business, recognized in Washington Technology’s FAST 50 list of the fastest growing small businesses in government contracting in 2012 & 2013, recognized as the Top 25 Fastest Growing Small Technology companies by the Washington Business Journal in 2014 & 2015, and selected as the Veteran Owned Company of the Year in 2014 by the Montgomery County MD Dept. of Economic Development.
The Security Operations Analyst is responsible for providing, executing, and maintaining full-scope computer network defense (CND) and incident response (IR) operations that monitor for, detect, protect against, and respond to cyber exploitation and attack efforts. Ensure the organization’s systems, networks, and users meet all requirements set forth by the organization, NIST and industry best practices. Implement any updates to policies and any future CND policies or regulations produced by the US Government (USG).
- Leading response efforts in incident response remediation
- Monitoring IT Security systems, appliance and technologies performance and health
- Experience with a depth and breadth of IT Security tools and technologies, examples of technologies used are as follows:
- Cyfir / ArcSight Express / NetWitness / FireEye / Netronome SSL Inspector / IBM App Scan / Application Security AppDetective / HBGary / Tenable Security Center / CoreInsight / CoreImpact / Mandiant / Splunk / WireShark / SNORT / RSA Archer
- Monitor and respond to any incidents or issues that prevent IT Security technologies from performing as intended.
- Initiate protective or corrective measures if a security problem is discovered.
- Update and develop appropriate documentation (e.g. Standard Operating Procedures [SOPs], configuration management [CM], backup procedures).
- Public point of contact for US-CERT and other external agencies for the client’s information security operations.
- Ensuring the successful execution of all incident response policies, procedures, guidelines and response actions
- Providing coordination among client’s teams and external agencies to ensure that all incidents, issues and concerns are addressed in alignment with standard operating procedures and management guidance
- Leading implementation efforts of new guidelines, standard operating procedures, response actions, policies, services, standards and activities
- Performing threat monitoring activities, keeping informed of industry trends to ensure operational awareness.
- Performing security log review.
- Preparing weekly and monthly reports for management.
- Preparing documentation for annual audits.
- Keeping LOC management apprised of security issues affecting the organization
- Performing quality control to ensure Incident Response tracking forms, summaries, etc. are compliant with established SOPs and are error free through random auditing of the documentation
- Preparing and issuing security advisories
- Processing reports of blocked website waivers including preparing assessment reports
- Collecting weekly SNORT log data
- Monitoring the US-CERT portal and processing reports
- Assisting in the development/implementation of new guidelines, standard operating procedures
- Coordinating with ITSG in support of directive waiver tracking
- Performing scheduled audits of user accounts for policy violations
- Coordinating mandatory user counseling
- Reviewing data center access logs
- Performing risk assessment reports on suspicious domains
- Identifying and blocking of malicious domains
- 2+ years’ experience in information security, with relevant IT Security technologies, applications and tools; or an equivalent experience with Firewalls, VPN appliances, URL filters, e-mail filtering and anti-virus software
- Working technical knowledge of network- and host-based intrusion detection and prevention systems
- Experience with vulnerability scanning tools, and security information and event management (SIEM) and correlation tools
- A strong understanding of the vulnerabilities associated with network and application protocols and vulnerabilities affecting the Microsoft Windows operating system
- Demonstrated technical experience researching software and technologies for vulnerabilities and providing review recommendations
- Experience with developing system and technologies documentation through the SDLC
- Experience with NIST Special Publications and guidance
- Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment
- Excellent communication (written and verbal) skills
- Bachelor’s degree or higher in computer science, Information Technology, Information Security, or similar fields
- At least one (1) active certification relating to information security, such as:
- Certified Information Systems Security Professional (CISSP)
- GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
- CompTIA Security+
Equal Opportunity Statement
TISTA is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.