CND Analyst - SOC

By Light Professional IT Services Washington DC

Company

By Light Professional IT Services

Location

Washington DC

Type

Full Time

Job Description

Overview

By Light has an opening for a CND Analyst - SOC supporting the Army National Guard (ARNG) in Falls Church, VA. This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG's global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services. The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses the ITIL best practices framework as the basis for its IT Service Management (ITSM) model.

Responsibilities

The ARNG SOC works to monitor enterprise systems, defend against security breaches, and identify, investigate, and mitigate cybersecurity threats. In support of the SOC, the Watch SOC Team staff shall:

  • Manage the operation of the SOC and the performance of traditional SOC activities on behalf of ARNG 24/7/365 to protect DoD information systems and infrastructure.
  • Develop a SOC Communications Plan.
  • Support the RCC-NG in the execution of traditional SOC activities during COOP exercises at a designated COOP site. If it becomes necessary to temporarily relocate SOC operations to a selected alternate site for emergency or test scenarios, support and extend normal SOC operations to that remote location.
  • Provide technical reports to analyze and summarize the impact of each significant incident and the recovery costs; the capability and effectiveness of Computer Network Defense (CND) sensor coverage and the O&M costs; and the number and categories of threats of concern identified by the SOC and supplied to the SOC by external Government agencies.
  • Author and implement custom detection content (e.g., reports, assets, cases, connectors, customers, dashboards, field sets, files, filters, integration commands, knowledge base, lists, notifications, pattern discovery, query viewers, rules, stages, and users).
  • Tune the SIEM and IDS/IPS events to minimize false positives.
  • Analyze and review monitoring SOC metrics.
  • Evaluate and analyze hardware and software in coordination with and support of the RCC-NG.
  • Improve processes including developing and refining analysis techniques.
  • Coordinate and report ISS-related incidents.
  • Provide support in assembling, evaluating, and monitoring various intrusion detection sensors or tools and associated software applications.
  • Provide DMA support services involving forensic analyses on a variety of digital media devices and mediums to identify, reverse engineer, and de-obfuscate content related to an incident, such as malicious content.

Required Experience/Qualifications

  • Bachelor's degree required
  • Minimum 5 years of relevant IT experience and 3 years of SOC operations support
  • Experience managing firewall, IDS/IPS, and router ACL policies
  • Experience with vulnerability management assessment and mitigation
  • Possess the appropriate baseline certifications to achieve DoD 8570.01-M Information Assurance Technical (IAT) Level II
  • Possess the appropriate DoD 8570 CSSP Analyst, Infrastructure, or Incident Responder certification

Preferred Experience/Qualifications

  • Cisco Certification
  • Palo Alto Certification
  • Possess an ITIL® v3 or ITIL® 4 Foundation or a higher certification in either category

Special Requirements/Security Clearance

  • Active SECRET DoD clearance or higher
  • By Light does not require COVID-19 vaccinations or boosters; vaccination requirements and testing are subject to the status of the federal contractor mandate and customer site requirements; testing is at the cost of the employee.

Date Posted

03/16/2024
