Job Number: R0030280
Security Operations Center Analyst, Senior
Are you ready to take an active role in Cyber defense for our Global Defense Group supporting the Defensive Cyber Operations (DCO) mission? Are you looking for an opportunity to protect critical infrastructure from the constant onslaught of Cyber attacks? If you want to sharpen your skills by analyzing threats real-time, you want to be a Tier 2 SOC analyst.
As an analyst on our SOC team, you'll improve monitoring strategies and analyze threats, using state-of-the-art tools like Splunk. You'll use your Cybersecurity skills to:
- Perform real-time monitoring, analysis, and resolution of identified security incidents and daily operations using SIEM and network sensor grid tools to monitor events from multiple sources, including firewall logs, system logs, network- and host-based intrusion detection systems, applications, databases, and other security information monitoring tools
- Advise on integrated, dynamic Cyber defense and leverage Cybersecurity solutions to deliver Cybersecurity operational effects, such as intrusion detection and prevention; situational awareness of network intrusions, security events and data spillage; and incident response actions
- Maintain responsibility for network traffic analysis, log analysis, and prioritization and differentiation between potential intrusion attempts and false alarms
- Troubleshoot tickets, including alerts for unreachable devices, devices not reporting events, and miscellaneous hardware and software failures
- Communicate and escalate issues and incidents, as required by process or management
- Provide work leadership for lower level employees.
- Develop and review Standard Operating Procedures (SOPs), Tactics, Techniques, and Processes (TTPs), and other documentation
You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You'll manage efforts to figure out just how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals to stop them from succeeding. This is a great opportunity to build your Cybersecurity skills with hands on experience in threat assessment and incident response. Join us as we protect our defense clients from malicious actors.
Empower change with us.
Build Your Career:
Rewarding work, fun challenges, and a ton of investment in our people—that's Booz Allen Cyber. When you join Booz Allen, we'll help you develop the career you want.
Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we've got plenty of chances for you to show off your skills.
Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
Cyber University — CyberU has more than 5000 instructor-led and self-paced Cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
Academic Partnerships — In addition to our tuition reimbursement benefit, we've partnered with University of Maryland University College to offer two graduate certificate programs in Cybersecurity—fully funded without a tuition cap.
Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.
-7+ years of experience with incident handling, forensics, sensor alert tracking, or Cybersecurity case management
-3+ years of experience in a NOC or SOC
-Experience with Cybersecurity tools, including ArcSight, McAfee HBSS, Splunk, ACAS, or equivalent SIEM tools
-Experience with network ports and protocols
-Experience with log review and analysis
-Ability to work shifts in a 24x7x365 environment
-Top Secret clearance
-BA or BS degree
-DoD 8570 IAM Level III Certification, including CISSP
-CND Analyst IA Baseline Certification, including CEH, GCIA, or GCIH
Nice If You Have:
-Knowledge of industry, government, and DoD best practices, including awareness of new or revised security solutions and improved security processes
-Knowledge of DoD system solutions to mitigate risk in any activity that potentially impacts the security of existing IT and information management
-Ability to triage SIEM events and determine escalation of indicators
-Ability to apply NIST, federal, and DoD guidelines, policies, directives, and memos as they relate to Cybersecurity
-Possession of excellent analytical, collaboration, and detail skills
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Top Secret clearance is required.
We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
Apply on company website