Company Overview

For 30 years, clients in the private and public sectors have relied upon SOS International LLC (SOSi) for critical operations in the world’s most challenging environments. SOSi is privately held, was founded by its current ownership in 1989, maintains corporate headquarters in Reston, VA, and specializes in providing logistics, construction, training, intelligence, and information technology solutions to the defense, diplomatic, intelligence and law enforcement communities.

All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.


5-180918-7825: Network Security Specialist 3/4
Location: U.S. - Virginia - Arlington
Open Date: 9/18/2018
JOB DESCRIPTION

STG, Inc., a wholly owned subsidiary of SOS International LLC (SOSi), is seeking a Network Security Specialist to support the Department of Homeland Security in Arlington, VA.  The selected candidate will perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify possible threats to network security as well as collect network intrusion artifacts and use discovered data to enable mitigation of potential CND hunts and incidents. 

The selected applicant will become part of the United States Computer Emergency Readiness Team (US-CERT), responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. US-CERT provides advanced network and digital media analysis expertise and defends against malicious activity targeting networks within the United States and abroad.

ESSENTIAL JOB DUTIES

  • Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify possible threats to network security.  

  • Collect network intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use discovered data to enable mitigation of potential CND hunts and incidents.  

  • Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information.  

  • Identify and document network based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.  

  • Track and document CND incidents from initial detection through final resolution.  

  • Perform real-time CND Incident Handling (i.e. forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.  

  • Create and disseminate technical reports in response to conducted analysis.  

  • Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies. 

  • Assist with developing and maintaining SOPs.  

  • Participate in inter-agency sponsored community of interest analysis groups, participate in technical briefings and exchanges.  

  • Serve as technical expert and liaison to leadership, NCCIC, the IC, and law enforcement personnel explaining incident details as required.  

  • Manually review network device configurations for suspicious configurations or signs of compromise.  

  • Assess network topology and device configurations, identifying critical security concerns and providing security best practice recommendations.  

  • Collect network device integrity data, utilizing specialized tools, to detect unauthorized access (login access, configuration changes, interface changes, physical access, unscheduled reboots, blocked attempts, downgraded encryption, etc.).  

  • Collect network device integrity data, utilizing specialized tools, to detect software modifications (file verification, online/offline hash, published hashes, memory verification, firmware verification, rootkit detection).  

  • Collect network device integrity data, utilizing specialized tools, to detect hardware modifications (operating statistics, network traffic analysis).  

  • Support network device integrity analysis on multi-vendor products (e.g. Cisco, Juniper, HP, Dell, etc.).  

  • Divert/deploy teams of contractor resources to provide on-site support and assistance in the event of an exercise or cyber incident. 

MINIMUM REQUIREMENTS
  • Security Clearance: Active Top Secret Security Clearance with SCI eligibility is required.  In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.

  • Education: Bachelor's degree in a cybersecurity-related field

  • Certifications: Security+, GCIA, GCIH, GSE, or other related professional certifications

  • This position may be filled at multiple grades based on experience: minimum of 5 years related technical experience for a level 3 role, minimum of 9 years related technical experience for a level 4 role.

  • Advanced skills in developing IDS signatures and ability to conceptualize IDS signatures from otherwise disparate information

  • Highly proficient in working with SNORT IDS software

  • In-depth understanding of Security Operations Center (SOC)/ Network Operations Center (NOC) operations


ADDITIONAL INFORMATION

PREFERRED QUALIFICATIONS

  • CISSP

  • Previous experience managing a SOC/NOC environment highly preferred

  • Familiarity with incident response products and best practices

  • Experience with database and/or portal administration

  • Current DHS Suitability at the SCI level.

  • Experience working within the Federal government technology community

  • Knowledge of cyber policy and issues, the global cyber community, the roles of major organizations and how they interrelate and interact, and shortcomings in this structure.