Jan 15
Public Trust
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
Unspecified
IT - Security
Rockville, MD (On/Off-Site)
CyberData Technologies is looking to hire an experienced Incident Response specialist with cyber security policy assessment experience for our federal client located in Rockville, MD. The Incident Response Specialist will be tasked with a variety of assessment and analysis duties as listed below. The position is a SOC/IR Engineer role; job functions will be split 70% SOC Engineer and 30% SOC Analyst work.
Job details:
Strong analytical and investigation skills & active threat hunting and adversary tracking.
Experience with IDS/IPS technologies such as SourceFire and Palo Alto Firewalls. Candidate should be familiar with rule sets, monitor IDS/IPS events, and monitor IDS/IPS functional operational status.
Experience with FireEye technologies, such as NX, HX, AX.
Experience with various EDR solutions.
Experience with troubleshooting in an Active Directory environment. A solid understanding of Windows Server 2012/2016, Windows 7/10, the Windows registry, remote administration, and other Microsoft products.
Experience with the Enterprise Incident Response Cycle: Preparation, Detection & Analysis, Containment and Recovery, Post-Incident Analysis.
Solid experience with TCP/IP protocols and ports.
SOC analysis and SIEM experience with Splunk. Candidate should be able to write basic Splunk queries, create dashboards and reports, and be familiar with Splunk Enterprise Security (ES).
Experience with sniffers, packet capture and NetFlow tools, including Wireshark (required).
Candidate should be able to efficiently gather and analyze data with these tools to detect potential IT security incidents, identify indicators of compromise, and troubleshoot network events.
Experience in Information Security and with the use of security devices.
Required Skills and Experience:
Bachelor's degree from an accredited university.
Write custom scripts using Python (preferred) and PowerShell to automate certain tasks.
Candidates with Splunk certifications are preferred (e.g. Power User, Admin, etc.).
IPv6 experience is a plus.
Firewall and ACL experience preferred.
Experience with NetWitness a plus.
group id: RTX146efa