-Accurately review, annotate, and resolve security incidents tasked by the Intrusion Detection Team, Watch Officer, SOC management or other SOC teams 24 hours a day, 7 days a week.
-Conduct Incident Triage to prioritize newly identified security incidents for follow-on action. Identify all relevant data sources for initial collection to determine prioritization and resource application based on the criticality of the incident. Conduct immediate actions to evaluate and contain threats as necessary in accordance with the Federal Security Operations Center Incident Response Plan, Incident Response Operations Guide, and any other published SOC operations guides and manuals.
-Perform deep dive analysis (manual and automated) of malicious links and files.
-Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events.
-Provide Executive Summary in accordance to IDT Operations Guide.
-Provide 5W briefing slides for each event for leadership briefing.
-Provide on demand time/trend/event based metric reports for SOC management.
-Provide clear and actionable event notifications to customers. Notifications to customers will be clear and provide sufficient detail for a mid-level system or network administrator to understand what has occurred and what needs to take place to remediate the event.
-Coordinate and provide direct support to local incident responders at the circuit, local court unit and program office levels. Provide notifications, guidance and end to end incident response support to local incident responders to ensure the appropriate actions are properly taken to detect, contain, eradicate and recover from identified security incidents. Coordinate with various other SOC teams to leverage the appropriate resources to enable local incident responders. Participate in course of action (COA) development and execution as necessary.
-Document all communications and actions taken in response to assigned incidents in the SOC ticketing system. Ensure tickets are properly updated in a timely manner and all artifacts are included. Escalate any concerns or requests through the Contractor management as necessary.
-Incident Responders must be able to perform the tasks and meet the skills, knowledge and abilities as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the role of Cyber Defense Incident Responder (Work Role ID: PR-CIR-001).
This position offers a range of pay between $44-46/hr dependent on experience.
Conversion Salary Range: $90,000 - 110,000
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
-Bachelor's degree with 6+ years (or commensurate experience)
-3 years of senior-level (Tier II) security operations center (SOC) experience performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments
-Experience with wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; the ability to communicate clearly both orally and in writing.
-Working experience with Splunk SIEM
-Candidate must have one or more of the following required certifications: Security+, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals
-Must be able to obtain and maintain public trust
-Must be able to work the following shift on site in Washington, DC: Sat-Sun (7:00am - 7:30pm)/ Tues-Wed (3-11:30PM)
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.