Koniag Technology Solutions (KTS) is looking for an experienced Security Operations Analyst to join our team. This is a direct, full-time position with our company working at our customer’s site. The schedule is Saturday-Wednesday, 8am-4:30pm, including a 1/2 hr. non-billable meal break. Occasional rotational weekend and/or holiday coverage may be required.
We offer competitive compensation and a comprehensive benefits package including health, dental and vision insurance; 401K; flexible spending accounts; paid holidays and a PTO program, and more.
Must be able to obtain and maintain a client-sponsored HSPD-12 suitability clearance.
Our client employs an intrusion detection solution which is managed in-house. It is a distributed system that consists of strategically placed sensors reporting alerts to a management console. Further analysis and data correlation are performed at centralized data locations. The Intrusion Protection Team (IPT) protects the agency's critical assets by anticipating and leading the response to computer-related threats and vulnerabilities. The goal is to ensure that the client has suitable processes in place to identify inappropriate network behavior within the agency’s Enterprise Network. Network-based intrusion detection furnishes the ability to proactively identify threats. Staff dedicated to this effort provide the continuity of effectiveness necessary for the client to respond to advanced threats and adapt to network changes initiated by other system components. Correlating events with data collected from other IPT initiatives substantiates a more complete analysis of current network stability against threats.
Essential Duties and Responsibilities
- Monitor/enforce compliance with documented and distributed agency system security standards
- Maintain signatures on the Intrusion Detection Systems (IDS) infrastructure and respond to alerts that the sensors generate; assist in the evaluation process if modifications to the encompassing IDS solution are needed
- Monitor the IDS console for active alerts and determine priority of response. Alerts deemed critical by the client's Activity Manager require that the contractor open a ticket and report the traffic causing the alert to the client's management.
- Review all incoming IDS alerts and document all identified problems.
- Analyze all levels of problems and document findings in accordance with the client's procedures.
- Identify and escalate high-priority problems (problems that may harm the client's systems) to the client's management.
- Assist with intrusion detection strategies as new systems or network design changes are implemented.
- Review new technologies and make recommendations pertaining to the current IDS deployment.
- Identify areas where coverage could be implemented or improved.
- Provide high-level engineering support remotely to HQ as well as the Remote Operations Communications Centers.
- Monitor problem ticket queue and reassign problem tickets to the responsible components, if needed.
- Identify newly discovered vulnerabilities and exploits; apply new intrusion detection signatures as directed by the client's Activity Manager; create custom signatures when needed.
- Install updates of new signatures.
- Document newly discovered vulnerabilities and updates in order to show accuracy of and turnaround for detection.
- Diagnose and provide remediation suggestions to higher level technicians who are on-call 24 hours per day.
In addition, the contractor will provide continued support in the following areas:
- Review daily log data gathered from various sources, such as sensor alert logs, firewall logs, and content filtering logs.
- Identify possible intrusion attempts or other anomalies.
- Filter non-threatening network traffic for enhanced reporting accuracy.
- Manage problem resolution process from initial reporting to resolution.
- Make determinations of operational impact of a particular threat on agency systems.
- Recommend immediate corrective actions to higher level network engineers.
- Assist with remediation, if requested.
- Respond to new threats; may be required to initiate and assist in drafting remediation strategies.
- Provide ongoing monitoring of intrusion detection systems and newly developed exploits for Windows and UNIX systems.
Education, Experience and Skills
2-3 years previous experience preferred
- Mid- to senior-level experience in the following:
- Monitoring the Intrusion Detection Systems (IDS) console for active alerts and determining priority of response
- Performing preliminary analysis of collected data
- Ability to remain up to date on IDS-related technologies, along with an awareness of security-related vulnerabilities and exploits.
- Experience creating custom intrusion signatures to detect specific network traffic anomalies; requires comprehension of and experience with most viruses and worms which may infiltrate and propagate throughout a large network.
- Experience populating sensors with newly available signatures when responding to events or management requests.
- Superlative oral and written presentation skills.
- Must possess a working knowledge of IDS and the role such systems play in detecting intrusion attempts.
- Must have a working knowledge of the majority of the skills and technologies listed above, and must be able to learn, with provided training, those skills and technologies in which he/she lacks the requisite experience.
- Contractor may be required to report for duty during periods of inclement weather or other emergency situations; the contractor may be asked to report to an alternate location.
Working Environment & Conditions
This position is primarily indoors, consistent with a standard office position, and has a noise level of mostly low to moderate. The incumbent is required to stand; walk; sit; use hands to manipulate, handle, or feel objects, tools, or controls; reach with hands and arms; talk and hear. The workload may require the incumbent to sit for extended periods of time. The incumbent must be able to read, perform simple math calculations and withstand moderate amounts of stress. The duties frequently require lifting or manipulating up to 25 lbs. Specific vision abilities required by the job include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin, age, disability, military/veteran status, marital status, genetic information or any other factor protected by law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits and all other privileges, terms and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or to apply to a position on our website, please contact Heaven Wood via e-mail at firstname.lastname@example.org or by calling 703-488-9377 to request accommodations. This contact information is used for accommodation requests only and cannot be used to inquire on a status of your application.