Investigating security events using various OCIO and industry tools to identify potential incidents, and performing actions to contain incidents in progress.
Monitoring and analyzing logs and alerts from a variety of different systems and tools across multiple platforms in order to respond and report suspected or actual security breaches.
Developing procedures for use, interpretation, and response to the monitoring and alert information collected.
Monitoring security systems and events to detect and investigate threats, identifying and analyzing traffic trends, assessing the impact of security alerts and traffic anomalies on the Smithsonian network in order to make appropriate recommendations.
Daily and hourly monitoring of the SOC's incident reporting email box.
Support IR team activities in response to security incidents. Activities include, but are not limited to, ensuring completion of the incident from detection through closure, leading IR meetings and analysis with other SI units, providing situational awareness information to SI units, correlating multiple alerts and incidents to determine widespread attacks, and providing incident status reports to SI management and other stakeholders.
Maintaining and updating the incident management tool to reflect the SOC's IR procedures.
Performing in-depth analysis and forensics, analyzing incident data, recommending solutions, coordinating response activities, and preparing reports for management.
Support IR team during incidents to mitigate the incident and improve the security posture to reduce the likelihood of an incident occurring.
Reporting incidents to appropriate external entities and coordinating with OIG investigators, US-CERT, and law enforcement as appropriate based on SI policies.
Creating and maintaining applicable IR plans and procedures.
Developing IR training and exercise materials.
Coordinating and conducting periodic IR training sessions and exercises.
Creating and reporting metrics on the effectiveness of the IR procedures.
Advising system owners and administrators on improving techniques for detecting and logging potential incidents.
Collecting, preserving, and interpreting electronic evidence related to incident investigations.
Supporting information gathering and preparing responses to various data calls and assessments conducted by external organizations, including but not limited to the Office of Management and Budget (OMB), Department of Homeland Security (DHS), and U.S. Government Accountability Office (U.S. GAO).
Coordinating with internal Smithsonian organizations.
REQUIRED SKILLS AND ABILITIES:
Minimum of 5 years of incident response experience.
Experienced with using Splunk Enterprise Security to review security events and perform searches. Familiar with Splunk risk-based analysis features.
Previously supported a security operations center and IT security incident response activities.
Proven analytical skills to assess and respond to various IT security incidents.
Broad technical background with a strong understanding of network architectures and communications, operating systems (e.g. Microsoft and Linux), web platforms, and databases in order to respond to incidents and determine incident root causes.
Experienced with log and event correlation tools specifically Splunk Enterprise and Enterprise Security and able to perform queries and reviews of alert information to determine possible security incidents. Experienced with creating and managing Splunk dashboards for event monitoring.
Familiar with NIST and DHS US-CERT incident response requirements and guidelines.
Ability to work independently and with other teams.
Good writing, interpersonal and communication skills using standard office automation tools e.g. Microsoft Office.
SALARY AND BENEFITS
The leadership of our Company believes in attracting and retaining exceptional talent committed to serving our clients. We offer a generous benefits package including health insurance, paid vacation, disability, and life insurance, and more. Please visit our Careers page for additional information. Salary and benefits information will be available to applicants, when and if an offer is made.
OUR COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION
The leadership of our Company is committed to a work culture of zealous advocacy, respect, diversity and inclusion, client-oriented defense, access to justice and excellent representation. We are dedicated to building a strong professional relationship with each of our clients, to understanding their diverse circumstances, and to meeting their needs. Our ability to achieve these goals depends on the efforts of all of us.
HOW TO APPLY
All applications must be completed online. We do not accept paper submissions. Please visit our Careers Page to review all current job postings, and instructions on the application process.
As an Equal Employment Opportunity (EEO) Employer, Cycurion, Inc. and our Subsidiaries prohibit discriminatory employment actions against and treatment of its employees and applicants for employment based on actual or perceived race or color, size (including bone structure, body size, height, shape, and weight), religion or creed, alienage or citizenship status, sex (including pregnancy), national origin, age, sexual orientation, gender identity (one's internal deeply-held sense of one's gender which may be the same or different from one's sex assigned at birth; one's gender identity may be male, female, neither or both, e.g., non-binary), gender expression (the representation of gender as expressed through, for example, one's name, choice of pronouns, clothing, haircut, behavior, voice, or body characteristics; gender expression may not be distinctively male or female and may not conform to traditional gender-based stereotypes assigned to specific gender identities), disability, marital status, relationship and family structure (including domestic partnerships, polyamorous families and individuals, chosen family, platonic co-parents, and multigenerational families), genetic information or predisposing genetic characteristics, military status, domestic violence victim status, arrest or pre-employment conviction record, credit history, unemployment status, caregiver status, salary history, or any other characteristic protected by law.