Senior SOC Analyst/Splunk (Secret Clearance )

NorthHill Technology Resources has an immediate need for a Senior SOC Analyst to support a Federal Program in either Washington DC or Sterling, VA. This is a hybrid role, with 2 days onsite per week in DC or Sterling. US Citizenship and an Active Secret Clearance is required.

The Senior SOC Analyst will be part of the Department of State (DOS) Consular Affairs Enterprise Infrastructure Operations (CAEIO) Program for the Bureau of Consular Affairs (CA). The CAEIO Program provides IT Operations and Maintenance to modernize the legacy networks, applications, and databases supporting CA services globally.

Responsibilities:

· Monitor and investigate alerts, threat hunting, and notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact in accordance with the organization's cyber incident response plan.

· Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

· Write advanced ad hoc SPL queries.

· Coordinate with internal and external teams to address threats and risks via investigation and forensic analysis.

· Analyze log files from a variety of sources (for example, individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

· Utilize SIEM and EDR tools to monitor the environment.

· Develop and document configuration standards, policies, and procedures for operating, managing, and ensuring the security of system infrastructure.

· Advise management and team members of risks associated with technologies and implementation approaches and identify methods of risk mitigation.

· Interact with multiple levels of management, providing information and thought leadership in technical areas.

· Prepare reports on investigations, incidents, and other security-related matters.

· Identify different tactics and techniques of attacks.

· Recommend and implement system enhancements that improve the performance, security, and reliability of the system.

· Build out processes and procedures to include documenting work in SOPs.

· Train and assist junior members of the SOC team.

· Plan and implement projects and initiatives.

· Communicate clearly and concisely with managers and colleagues.

· Demonstrate flexibility and eagerness to take on challenges by performing tasks not listed above.

Core Work Schedule: Saturday – Wednesday, 7:00AM – 3:30PM EST

Work Location: Hybrid: remote AND up to two days per week in the office in Sterling, VA or Washington, DC.

QUALIFICATIONS

Basic Qualifications

· U.S. citizenship and an active SECRET Government Security Clearance.

· 5+ years of related systems security engineering experience, primarily in the federal government environment, dealing with business critical, high-availability systems.

· 5+ years SOC or cybersecurity-related experience.

· 3+ years of experience with a SIEM tool, preferably Splunk

· Experience with Splunk dashboard and Microsoft Sentinel.

· 4+ years querying and manipulating data experience, including 2+ years’ experience with SPL (required) with knowledge of data types, conditions, and regular expressions.

· Understanding of system, network, and application security threats and vulnerabilities with the ability to establish monitoring solutions.

· Understanding of Boolean logic and event correlation.

· Strong ability to identify logging and monitoring requirements/gaps.

· Solid knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, common threat vectors.

· Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow.

· Security+ CE or other 8570 IAT level II certification.

· Knowledge and experience applying cybersecurity specifications, including familiarity with the Risk Management Framework (RMF) and compliance with NIST standards such as NIST SP 800-53.

Preferred Qualifications

· Data normalization with Splunk using/creating field aliases, calculated fields, field extractions.

· Certified Splunk Power User or higher.

· Ability to track incidents using MITRE ATT&CK.

· Knowledge of cloud security.

· Knowledge of system administration, networking, and operating system hardening techniques.

· Mixed operating systems experience: (Linux, Windows).

· Experience troubleshooting issues related to storage.

· Scripting/coding experience.

· Knowledge of Web Application Firewalls (WAF) security protections.

Education and Experience Requirements: High school diploma or equivalent and at least 12 years of work experience; Bachelor's degree and 8 years of experience; Master's degree and 6 years of experience; PhD and 3 years of work experience.