Junior Cybersecurity Operations Analyst
Softworld, a Kelly Company - McLean, VA
Job Description
Job Title: 80474 - Junior Cybersecurity Operations Analyst
Job Location: McLean, VA 22102 (Onsite)
Requirements: intrusion detection, intrusion prevention, incident response

PROJECT DESCRIPTION
The Cybersecurity Operations Unit is seeking a Cybersecurity Operations professional who will support daily technical operations for the unit.

BACKGROUND
The Cybersecurity Operations Unit (Cyber Ops Unit) seeks the services of a Contractor to serve as a junior Cybersecurity Operations analyst, working alongside existing Cyber Ops Unit analysts to assist in the daily technical operations of the unit. The Contractor shall provide analytical, administrative, and documentation support to enable the daily operations of the unit.

REQUIREMENTS
The candidate shall possess the knowledge and skills set forth in the Specialized Cybersecurity and Privacy Support Services BOA, Section H.3.c. for Labor Category 4, Junior Cybersecurity Operations, with the following additional knowledge and experience:
- Experience creating reporting and metrics that demonstrate the health and well-being of a cybersecurity program; knowledge of and experience with reporting, visualization, and dashboarding tools such as Splunk, Tableau, PowerApps, or other measurement and reporting tools is highly desirable
- Experience creating impactful and visually appealing reports that communicate their point clearly
- Knowledge and experience with technical writing on computer network defense subjects
- Experience performing all-source threat intelligence analysis to support computer network defense activities
- Experience with computer network defense operations, including intrusion detection, intrusion prevention, and incident response, including authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic; Splunk experience is highly desirable
- Experience monitoring and defending both local (on-premises) and cloud computing systems, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Cisco networking appliances, F5, Bluecoat, Palo Alto, VMware, CrowdStrike, Tenable, FireEye, Gigamon, and other common enterprise security technology providers
- Experience investigating network anomalies and responding to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g., preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)
- While candidates are not required to hold these certifications, their knowledge should be consistent with that of the following: GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), and/or CompTIA Security+

Preference will be given to candidates who provide work samples. Redacting client names and/or sensitive information is recommended. In lieu of work samples, the candidate must submit 2 narrative descriptions (5-10 sentences each) describing 2 different documentation projects they personally completed.

RESPONSIBILITIES
The candidate shall provide support that includes, but is not limited to, the following tasks:
- Provide administrative support, including project management, incident management, workflow development, workflow optimization, document development, and more
- Ensure that the team remains on task and is responsive to taskers
- Identify duplicative efforts within the unit and help foster efficiencies
- Attend meetings as required, take meeting notes / minutes, capture action items on behalf of the Cyber Ops Unit, and provide that information back to the team
- Develop ad hoc reports, presentations, and documents as required by the Cyber Ops Unit to support operations
- Support FISMA reporting as needed
- Review reports, presentations, and documents developed by others in the Cyber Ops Unit and provide comments and/or in-line edits at the request of other team members
- Develop / author incident status reports for consumption at various levels within the Board, including a summary, an explanation of the incident itself, impact to the Board, completed actions, next steps, etc.
- Develop / author recurring quarterly metrics reports on behalf of the Cyber Ops Unit, including measurements of the various functions within the Cyber Ops Unit; develop messaging that drives leadership awareness and informs decision-making
- Develop / author Situational Reports (SITREPS) for events that are important for broad awareness but may not yet be considered an incident
- Monitor open-source threat intelligence reporting sources for information that is actionable within Board systems (sources might include blogs, reports, articles, etc.); share findings with the Cyber Ops Unit analysts for action, as needed
- Support Cyber Ops Unit analysts in the analysis of log data and potential incidents
- Report on anomalous activity and potential cybersecurity incidents detected and addressed through daily monitoring of security devices and logs
- At the direction of the Federal Cyber Ops Unit analysts, author and implement custom detection content for the Board's perimeter and endpoint security solutions
- Provide advanced analysis and adversary hunting to proactively uncover evidence of adversary presence within the Board's systems and networks
- Perform the duties of a computer network defense operations analyst, including intrusion detection, intrusion prevention, and incident response, including authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic
- Monitor and defend both local (on-premises) and cloud computing systems in support of the Cyber Ops Unit
- Investigate network anomalies and respond to cybersecurity incidents in either local (on-premises) or cloud computing systems, including all phases of the digital forensics and incident response process (e.g., preparation, scoping, containment, eradication, remediation, recovery, lessons learned, and closeout)
Created: 2024-11-09