DurhamRecruiter Since 2001

SOC Analyst

Company: Koniag Government Services
Location: Durham
Posted on: March 19, 2023

Job Description:

Tuknik Government Services (TGS), a Koniag Government Services (KGS) company, is looking for experienced SOC Analysts to support our government customer in Durham, NC.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

The Security Operations Center (SOC) is responsible for monitoring and enforcing compliance with documented and distributed system security standards. The SOC protects the client's critical assets by anticipating and leading the response to computer-related threats and vulnerabilities. Several systems within the security architecture allow the SOC to identify threats proactively. Dedicated staffing provides the continuity the client needs to respond to more advanced threats and to adapt to network changes initiated by other systems components. In addition, correlating events with data collected from other SOC initiatives supports a more complete analysis of the network's current resilience against threats.

The objective is to ensure the client has suitable personnel and processes in place to properly identify, investigate, and remediate inappropriate and suspicious network behavior within the Enterprise Network. This activity is performed in near real time to mitigate common, new, and unknown threats to the client's Information System Network.

Shifts: Thursday to Monday, either midnight to 8:30 a.m. or 3:30 p.m. to midnight; specific days TBD.

Essential Functions, Responsibilities & Duties may include, but are not limited to:

The contractor shall monitor, analyze, and manage the health of the network security operations systems. The contractor shall respond to events by documenting and investigating alerts generated by these systems.

  • Provide 24/7/365 monitoring and analysis of Security event alerts across the enterprise network.
  • Monitor agency systems and daily log events to identify potential security threats. Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.
  • Utilize email, instant messaging, and other monitoring tools to remain aware of current network threats.
  • Review all incoming alerts, properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.
  • Open a ticket for every potential security threat encountered and investigated throughout the course of their shift.
  • Analyze all levels of potential security threats and document findings within the agency incident response ticketing platform.
  • Validate traffic and/or network activity (per alerts/logs) as anomalous, in accordance with established Standard Operating Procedures.
  • Utilize agency Security Event Manager Software to measure and model traffic, while identifying patterns and ports.
  • Use the incident response-ticketing platform to determine and document problem status, resolution, and prevention measures.
  • Produce ad-hoc reports as directed.
  • Provide written reports to the SOC Manager detailing all security events related to network security matters and submit these reports according to the procedures and reporting requirements established in the SOPs and guidelines.
  • Prepare monthly reports for insertion into the US-CERT Report.
  • Prepare a monthly report on the status and progress of all current open security incident tickets and ad-hoc assignments.
  • Perform a preliminary analysis of collected data.
  • Investigate Open Source Threat Intelligence in accordance with established procedures.
  • Identify, investigate, and escalate potential security threats to senior technicians residing in the Threat Remediation and Vulnerabilities Branch in accordance with established Standard Operating Procedures.
    • May be required to assist with remediation after the technicians are consulted.
  • Manage the resolution of computer security events that affect the client's information systems through the SOC-provided incident response ticketing system.
  • Identify when new intrusion detection signatures are needed and implement them.
  • Provide potential security threat reporting and tracking by means of the client Reporting System and other Incident Response specific support systems.

Education:

  • Required ACTIVE certification: CompTIA A+
  • Must hold one of the following (active): CompTIA Security+, Network+, or CySA+
    • Proof of certifications is to be printed and provided to the COR and task manager prior to assignment.
  • BS degree and/or 10 years of direct network management experience. Minimum of 6 years of experience providing network engineering support.
  • Networking fundamentals are required to understand how network assets communicate and behave on the network, including routing and networking protocols such as IP, FTP, SSH, SSL, Telnet, SMTP, TCP/IP, UDP, Windows SMB, and others.
  • Must have experience with Microsoft Windows operating systems (XP and higher), both desktop and server, as well as with Solaris (9 and higher), Unix and Linux, and HP-UX.
  • Must be able to obtain a client-sponsored Public Trust level of adjudication.

Work Experience, Knowledge, Skills & Abilities:

  • Possess a working knowledge of Security Operations and the role such systems play in detecting intrusion attempts.
  • Understand, and have experience with, the viruses and worms that may infiltrate and propagate throughout a large network.
  • Possess strong oral presentation skills and the ability to articulate English in a clear and concise manner.

Working Environment & Conditions:

This position is primarily indoors, consistent with a standard office position and has a noise level of mostly low to moderate. The incumbent is required to stand; walk; sit; use hands to finger, handle, or feel objects, tools, or controls; reach with hands and arms; talk and hear. The work load may require the incumbent to sit for extended periods of time. The incumbent must be able to read, do simple math calculations and withstand moderate amounts of stress. The incumbent must occasionally lift and/or move up to 25 lbs. Specific vision abilities required by the job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.
  • Contractors may be required to report for duty during periods of inclement weather and other emergency situations. This could include being asked to report to an alternate location.
Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin, age, disability, military/veteran status, marital status, genetic information or any other factor protected by law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits and all other privileges, terms and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or to apply to a position on our website, please contact Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations. This contact information is used for accommodation requests only and cannot be used to inquire on the status of your application.

About Our Company:

Tuknik Government Services (TGS) is an 8(a)-certified company providing leading-edge information technology solutions and professional services to Government clients. Our approach is to provide experienced and talented teams that utilize industry best practices to support our clients in identifying and implementing "world class" solutions for their vital program requirements. TGS optimizes performance by using the latest cutting-edge technologies to build and deliver solutions. TGS helps clients meet their performance objectives by delivering a vast array of services ranging from large and complex IT and business services to highly specialized workplace systems. We focus on performance improvement as well as the processes, leadership and behavior dynamics that underpin the achievement that supports business success.

EOE Minorities/Female/Protected Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352


