CND Analyst - SOC

By Light has an opening for a CND Analyst - SOC supporting the Army National Guard (ARNG) in Falls Church, VA. This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG's global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services. The Guard Enterprise Cyber Operations Support (GECOS) program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.

This position is: Thursday through Saturday (12-hour shifts) and every other Wednesday (8-hour shift)

The ARNG SOC works to monitor enterprise systems, defend against security breaches, and identify, investigate, and mitigate cybersecurity threats. In support of the SOC, the Watch SOC Team staff shall:

Manage the operation of the SOC and the performance of traditional SOC activities on behalf of ARNG 24/7/365 to protect DoD information systems and infrastructure.
• Develop a SOC Communications Plan.
• Support the RCC-NG in the execution of traditional SOC activities during COOP exercises at a designated COOP site. If it becomes necessary to temporarily relocate SOC operations to a selected alternate site for emergency or test scenarios, support and extend normal SOC operations to that remote location.
• Provide technical reports to analyze and summarize the impact of each significant incident and the recovery costs; the capability and effectiveness of Computer Network Defense (CND) sensor coverage and the O&M costs; and the number and categories of threats of concern identified by the SOC and supplied to the SOC by external Government agencies
• Author and implement custom detection content (e.g., reports, assets, cases, connectors, customers, dashboards, field sets, files, filters, integration commands, knowledge base, lists, notifications, pattern discovery, query viewers, reports, rules, stages, and users).
• Tune the SIEM and IDS/IPS events to minimize false positives.
• Analyze and review monitoring SOC metrics.
• Evaluate and analyze hardware and software in coordination with and support of the RCC-NG.
• Improve processes including developing and refining analysis techniques.
• Coordinate and report ISS-related incidents.
• Provide support in assembling, evaluating, and monitoring various intrusion detection sensors or tools and associated software applications
• Provide DMA support services involving forensic analyses on a variety of digital media devices and mediums to identify, reverse engineer, and de-obfuscate content related to an incident, such as malicious content

• Bachelor's degree required
• Willingness to work the required shift of Thursday through Saturday (12-hour shifts) and every other Wednesday (8-hour shift)
• Minimum 5 years IT relevent experience and 3 years SOC operations support
• Experience managing firewall, IDS/IPS, and router ACL policies
• Experience with vulerability management assessment and mitgation
• Possess the appropriate DoD 8570 CSSP Analyst, Infrastructure, or Incident Responder certification e.g., CEH, CySA+, CCNA+, SSCP, CGIA.

• Cisco Certification
• Palo Alto Certification
• Possess an ITIL v3 or ITIL 4 Foundation or a higher certification in either category

• Active SECRET DoD clearance or higher