Back to search results
Apply now »
Share this Job
Network Intrusion Analyst
Date: Aug 26, 2010
Location: Chantilly, VA, US
Position Description
SRC is seeking a network intrusion analyst. This position will function as a member of a Computer Security Incident Response Center team, integrated with one of SRC’s customers in the Washington, D.C. area. Incumbent will be required to perform as subject matter expert on intrusion analysis and techniques for operationally time critical intrusion analysis events, activities and issues that impact the security posture of the organization's critical networks. This position is a part of team that performs as the Tier I/II action/response, focused operations element for time sensitive events, as well as maintaining overall situational awareness of the networks security posture. Using a variety of enterprise sensors, incumbent will provide both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating and tracking of security-related activities for LANs and Non-Steward Extranets. Position could require working shift schedule as part of a 24/7 operations team and require some travel.
Responsibilities include, but are not limited to
- Prioritize multiple tasks and formulate response/ recommendation to customer and fellow team members
- Provide technical expertise on post event network security logs and provide remediation recommendations
- Conduct long term analysis and apply intrusion detection techniques to identify network and system vulnerabilities
- Conduct signature development for implementation into customer’s sensors and conduct trends analysis
- Apply intrusion detection and analysis techniques to audit and analyze approximately 30,000 devices for anomalies
- Review security events that are detrimental to the overall security posture
- Analyze and detect sophisticated and nuanced attacks and discern false positives and provide results to client
- Perform correlation of NIDS and HIDS logs with other records such as firewall/proxy logs, anti-virus, server audit trails and vulnerability information and formulate findings into daily, weekly or monthly reports
- Create customs scripts using several languages applicable to customer environment designed to detect vulnerabilities and/or confirm compliance of IT assets within environment
- Coordinate and liaise with other U.S. government epartments and agencies with information regarding intrusion detection and the security incidents in the customer networks
- Work collaboratively with other departments and agencies to improve customer’s security posture and detection capabilities through technical recommendations, custom signature creation or policy/procedural change recommendations
Position Requirements
- Applicants must have a bachelor’s degree in computer science, software engineer, information systems security or relevant degree, and one or more years of information assurance experience or an equivalent amount of operational experience
- GCIH, GCIA and GIAC certifications extremely desired
- Familiarity with ISS Proventia SiteProtector IDS, CISCO PIX, Mcafee ePolicy Orchestrator, Symantec Netscreen, Checkpoint firewall, Tenable Security Center, BigFix and EnCase Enterprise are also highly desired
- Position requires drive, initiative and creativity in identifying and responding to events and identification and investigation of anomalies. Candidate must demonstrate both technical accumen and critical thinking abilities.
- Current U.S. government security clearance desired
Security Clearance Requirements
Must be a U.S. citizen. Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
EEO/AA employer. Female, minority, Vietnam-era Veteran and disabled candidates are encouraged to apply
SRC is seeking a network intrusion analyst. This position will function as a member of a Computer Security Incident Response Center team, integrated with one of SRC’s customers in the Washington, D.C. area. Incumbent will be required to perform as subject matter expert on intrusion analysis and techniques for operationally time critical intrusion analysis events, activities and issues that impact the security posture of the organization's critical networks. This position is a part of team that performs as the Tier I/II action/response, focused operations element for time sensitive events, as well as maintaining overall situational awareness of the networks security posture. Using a variety of enterprise sensors, incumbent will provide both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating and tracking of security-related activities for LANs and Non-Steward Extranets. Position could require working shift schedule as part of a 24/7 operations team and require some travel.
Responsibilities include, but are not limited to
- Prioritize multiple tasks and formulate response/ recommendation to customer and fellow team members
- Provide technical expertise on post event network security logs and provide remediation recommendations
- Conduct long term analysis and apply intrusion detection techniques to identify network and system vulnerabilities
- Conduct signature development for implementation into customer’s sensors and conduct trends analysis
- Apply intrusion detection and analysis techniques to audit and analyze approximately 30,000 devices for anomalies
- Review security events that are detrimental to the overall security posture
- Analyze and detect sophisticated and nuanced attacks and discern false positives and provide results to client
- Perform correlation of NIDS and HIDS logs with other records such as firewall/proxy logs, anti-virus, server audit trails and vulnerability information and formulate findings into daily, weekly or monthly reports
- Create customs scripts using several languages applicable to customer environment designed to detect vulnerabilities and/or confirm compliance of IT assets within environment
- Coordinate and liaise with other U.S. government epartments and agencies with information regarding intrusion detection and the security incidents in the customer networks
- Work collaboratively with other departments and agencies to improve customer’s security posture and detection capabilities through technical recommendations, custom signature creation or policy/procedural change recommendations
Position Requirements
- Applicants must have a bachelor’s degree in computer science, software engineer, information systems security or relevant degree, and one or more years of information assurance experience or an equivalent amount of operational experience
- GCIH, GCIA and GIAC certifications extremely desired
- Familiarity with ISS Proventia SiteProtector IDS, CISCO PIX, Mcafee ePolicy Orchestrator, Symantec Netscreen, Checkpoint firewall, Tenable Security Center, BigFix and EnCase Enterprise are also highly desired
- Position requires drive, initiative and creativity in identifying and responding to events and identification and investigation of anomalies. Candidate must demonstrate both technical accumen and critical thinking abilities.
- Current U.S. government security clearance desired
Security Clearance Requirements
Must be a U.S. citizen. Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
EEO/AA employer. Female, minority, Vietnam-era Veteran and disabled candidates are encouraged to apply
Nearest Major Market: Washington DC
Job Segments: C#, Cisco, Database, Engineer, Engineering, Information Systems, Network, Software Engineer, Technology
Apply now »
