About ORock Technologies
ORock Technologies is a small business Cloud and Infrastructure as a Service (IaaS) provider that supports the specialized needs of organizations with the highest data security requirements, including Independent Software Vendors (ISVs), solution providers, and enterprise end users in such markets as Defense, Intelligence, Government, Financial Services, and Healthcare.
As a Red Hat Certified Cloud & Service Provider (CCSP), ORock owns and operates a carrier-grade private fiber optic network with multiple data centers and a secure, open source, “pure-play” Red Hat cloud. Our state-of-the-art IaaS and Cloud solutions offer superior levels of security, performance, compliance, flexibility, and control for ORock customers, channel partners, and software vendors.
Currently we have a need for a SIEM Analyst to work out of our Reston, VA HQ. YOU MUST BE A US CITIZEN and be eligible for a clearance of Secret level or above.
The Security Information and Event Management (SIEM) Analyst opening is a full-time position with responsibilities for the data aggregation and correlation of all cyber events from various network sensors, continuous monitoring tools, system and audit logs, and other alerting and reporting systems into a Security Information and Event Management (SIEM) platform to provide notification of cyber activity. This includes but is not limited to providing real-time analysis of security alerts generated by applications and network hardware. The SIEM Analyst will support SOC personnel conducting incident response and reporting. The analyst will incorporate cyber threat data and provide mitigation strategies, security controls, and process improvements to continuously enhance the network defense status. Works hand in hand with Cyber Threat Analysts to develop a cyber situational awareness picture based on threat activity, reporting, and SIEM data.
Primary Duties and Responsibilities:
-
Deploy, configure, implement, and manage SIEM solutions
-
Synchronize source feeds into the SIEM and create alerts, reporting dashboards, filter rules, and search queries
-
Provide situational awareness and attack sensing and warning through SIEM, analysis and coordinated information flows gathered from a variety of system and sensor sources within the enterprise
-
Synthesize, summarize, consolidate and share potentially malicious activities by creating incident reports, updates, collaboration/chat tippers and notifications, updating incident handling databases
-
Receive and analyze alerts from various enterprise level sensors and determine possible causes of such alerts
-
Support incident handling and response, triage of events, network analysis and threat detection, trend analysis, metric development, vulnerability information dissemination
-
Create and lead processes that support the analysis of log files from a variety of enterprise level systems and sensors to include individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs
-
Support security engineering design and implementation
-
Managing the collection and advanced analysis of intrusion artifacts and using discovered data to enable mitigation potential of incidents within the enterprise
-
Performs analysis of digital information and gathers and handles evidence
-
Identifies network computer intrusion evidence and perpetrators
-
Responsible for incident confirmation, response, data collection, investigation, and analysis
-
Support incident tracking, POAM management, and ticket resolution
Those successful in this position will have:
-
Install and configure SIEM into Red Hat environment
-
Proven hands on experience working with Splunk, QRadar, or equivalent toolsets to create custom queries, searches, correlated alerts, and dashboards
-
SIEM experience from the perspective of creating searches and understanding how to pivot in the data fields to follow an investigation
-
Proficient understanding of Cyber Network Defense (CND) in regard to protect, detect, respond
-
Leverages knowledge of computer and network architecture to provide analysis during investigations identifying adversarial activity and methods for future detection and prevention
-
Knowledge of host and network log sources to apply to investigation, IR methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs)
-
Proficient experience with Analyst Notebook or equivalent toolsets to cyber event correlation
-
Hands on experience with Red Hat LINUX
-
Knowledge of Cyber intrusion vectors, malware, networking, and monitoring
-
BA or BS in Information Security, Information Assurance, Computer Science, or related field
-
Five+ years of experience in networking and information security
-
Ability to write concise analytical products and assessments
Employment Eligibility
ORock Technologies requires the candidate to prove eligibility to work in the United States. All final candidates will be asked to complete a background check. These record checks can include any or all of the following: education verification, employment verification, drug screening, criminal record check, and/or driving record check.
ORock Technologies is an equal opportunity employer and considers qualified applicants for employment regardless of race, gender, gender identity, gender expression, age, color, religion, disability, veteran’s status, sexual orientation, or any other protected factor.