Cyber Security Operations Specialist III - CSOC Tier 3

Job Title: Cyber Security Operations Specialist III - CSOC Tier 3

Job ID: 0101001

Date Posted: 5/13/2022

Location: Springfield, Virginia, United States of America

Category: Information Technology

Minimum Clearance Required to Start: TS/SCI

Job Type: Full Time

Travel: None

*Position contingent upon contract award

 

Job Description:

We are seeking a Senior Cyber Security Operations Specialist to join our growing team for an upcoming Cybersecurity Services contract based out of Springfield, VA. The position is contingent upon contract award.

As the Senior Cyber Security Operations Specialist, you will provide CSOC Tier 3 services. This involves 24x7x365 coordination, execution, and implementation of all actions required for containment, eradication, and recovery measures for events and incidents. CSOC Tier 3 services include malware and implant analysis, and forensic artifact handling and analysis.

Job Responsibilities:

  • Coordinate and implement tasks, perform analysis, and build/document response activities required during cyber security incident response, including but not limited to actions such as implementing containment measures, IP blocks, domain blocks, and disabling user accounts on direction of the Government.

  • Coordinate with Security and Installations Directorate (SI) Office of Counterintelligence (SIC), Insider Threat Office (SIII), in addition to other law enforcement and counterintelligence personnel as required to perform advanced investigation and triage of incidents.

  • Collaborate with appropriate authorities in the production of security incident reports; categorize incidents and events.

  • Coordinate with other contracts, organizations, activities, and other services as appropriate to ensure incidents are properly reported, contained, and eradicated.

  • Coordinate with other contracts, organizations, activities, and other services as appropriate to de-conflict blue / red team activity with open incidents/events.

  • Coordinate with other contracts, organizations, activities, and services to ensure the customer recovers from an incident/event.

  • Build timelines, documents, briefings, and other products as required to inform stakeholders of incident response actions, analysis, and the impact of both adversary activity and blue force response actions.

  • Document actions taken and analysis in the authorized ticketing system to a level of detail where the actions taken and analysis are capable of being systematically reconstructed.

  • With approval from the Government, develop, generate, and update reports in the Joint Incident Management System (JIMS), Incident Case Management System (ICMS), and/or other authorized reporting systems as directed.

Job Requirements:

  • TS/SCI clearance (current). Selected candidate must be able to successfully pass and maintain a government polygraph (post-hire requirement)

  • IAT Level II Certification (current) that is compliant with DoD 8140.01 and DoD 8570.01-M

  • Within six (6) months of hire date, employee must be able to obtain CSSP Incident Responder certification compliant with DoD 8140.01 and DoD 8570.01-M

  • Bachelor's degree (Engineering, Computer Science, or related field) and six (6) years of relevant work experience. Additional experience may be considered in lieu of a degree.

  • Ability to deobfuscate XOR, URL, base64, and rot13 encodings

  • Strong understanding of network protocols

  • Ability to extract and preserve artifacts from network traffic and remote systems

  • Strong understanding of the various cyber-attack frameworks

  • Comfortable using a SIEM for event analysis and trending

  • Strong ability for pattern analysis and writing regular expressions

  • Comfortable in a hex editor

  • Comfortable automating repetitive analytical tasks with scripting (e.g., Python, Ruby, Bash, PowerShell)

  • Ability to conduct static analysis of malicious files

  • Understand how to conduct dynamic analysis of malicious files

Required Education:

  • Bachelor's degree (Engineering, Computer Science, or related field) and six (6) years of relevant work experience. Additional experience may be considered in lieu of a degree.

To apply:

  • Send a copy of your resume to careers@gieslerllc.com.

  • The "Subject" line of the email should include your name and the position you are applying for.

 

Giesler, LLC, a private corporation established in the State of Georgia, is an Equal Employment Opportunity and Affirmative Action employer. This commitment affirms Giesler LLC’s policy to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local law.