Sr SOC Analyst

1 month ago


Washington, United States Indigo IT Full time

Senior SOC Analyst
Washington, DC (Hybrid onsite and telework)

SUMMARY:
Founded in 2001, Indigo IT is an award-winning information technology consulting and services company. We are a trusted services provider to government agencies seeking innovative Cloud, Cybersecurity, Knowledge Management, and Enterprise solutions. We know our defense, federal, and civilian customers have critical IT infrastructures that must remain reliable, available, and maximized. Indigo IT is mission focused and committed to maintaining a sense of urgency in anticipating and supporting our customers’ technology goals and objectives. Our unique ability to think beyond today allows our clients to stay ahead of their IT challenges.

As a Veteran-Friendly employer, we are proudly partnered with the Virginia Values Veterans (V3) Program, and a recipient of the HIRE Vets Gold Medallion Award, which recognizes our commitment to recruiting our nation’s Veterans. Recognized on the Inc. 5000 list of America’s fastest growing companies in 2020 & 2021 and named as one of the 2022 Best Places to Work in Virginia, we are always looking to hire top talent in the field - come join us today!

This position will support an IT Security Program across a geographically dispersed infrastructure and user population. This support will include technical administration, deployment, and management of an intrusion prevention system (IPS), a security information and event management (SIEM) system, vulnerability management, and incident activities. Additionally, this position will support the modification of existing infrastructure protection deployments to respond to changes in infrastructure and shall support the deployment of additional hardware and/or software at remote office locations. This support may include the utilization of VMware to support rapid deployment at remote locations and high availability of infrastructure protection products.

Monitor Realtime Network Activity for Potentially Suspicious Activity
Monitor the health of the Infrastructure Protection Tools and ensure that all tools are operating with up-to-date patches, signature files, log sources, etc., and maintain 24/7 visibility into the network to monitor for security events.

Investigate Network Anomalies
Investigate network anomalies and system events as part of an incident response team, and author and implement custom detection content and/or SIEM rules for perimeter and endpoint security solutions.

Assess the Current Capabilities of the Security Operations Center
Assess the current capabilities of the SOC and identify deficiencies or areas for improvement based on industry and government best practices (such as the MITRE ATT&CK framework) that may address recommendations in strategy, hardware, software, resource support, etc. Remain up to date with current threats utilizing open-source intelligence.

ESSENTIAL FUNCTIONS/RESPONSIBILITIES:
• Provide cyber-operations monitoring and operational support for services during normal business hours.
• Act as internal expert on, and support investigations into, matters relating to intrusion detection and incident response.
• Research and advise on the development of security monitoring and incident response processes and solutions with a focus on continuous improvement.
• Provide cyber-operations support at the expert experience level for the following types of activities:
  - Provide monitoring and analysis support for enterprise IDS/IPS and SIEM solutions, including event analysis, log analysis, and event correlation to identify IT security events.
  - Provide reporting and overall support to ensure that security events are being reviewed and actioned in a timely manner.
  - Provide support for enterprise anti-virus & anti-malware protection, including server operation, policy creation, virus investigation and remediation, and reporting.
  - Provide support for enterprise vulnerability management, including server operation, policy creation, vulnerability and compliance scanning, vulnerability investigation and remediation, and reporting.
  - Provide support for enterprise patch management, including client installation, server configuration and operation, policy creation, failed client investigation and remediation, patch deployment, and reporting.
  - Provide support for operating system image creation, including initial image preparation, periodic updates to maintain the image with security patches and application updates, new/prototype hardware images, and imaging server configuration and operation.
• Design, develop, engineer, and implement computer security solutions.
• Define and design processes and procedures supporting the implementation of computer security solutions.
• Provide support for the creation and maintenance of documentation to include, but not limited to, hardware and software configurations, operation and maintenance documents, and Visio diagrams.

EDUCATION, EXPERIENCE, & CERTIFICATIONS:
• Bachelor’s Degree in computer science, information systems, business, engineering, or a related technical field. Technical training in these fields may be substituted for a degree.
• Minimum 10 years of experience in performing IT security support services or in a related field of study. An Associate’s Degree with 12 years of experience in performing IT security support services or in a related field of study may substitute for the above.
• US Citizenship and the ability to obtain and maintain a Public Trust clearance are required.

SPECIFIC KNOWLEDGE, SKILLS, & ABILITIES:
• Experience with cybersecurity systems, tools, platforms, or applications, including Splunk, Cisco Firepower, Palo Alto Cortex XDR, and IDX Identity Protection Services. Experience with Splunk is required.
• Support the administration, operation, and management of an intrusion prevention system (IPS), unified threat manager (UTM), and other systems as needed, to include:
  - The modification of policy.
  - The deployment and maintenance of remote sensors.
  - The tuning of rules, alerts, parsers, and custom scripts.
  - Monitoring the integrity, availability, and health status of the system.
  - Monitoring and assessment of alerts and determination of the appropriate responses required to mitigate risk, and providing threat and damage assessment if needed.
• Support the operation and management of security information and event management (SIEM) systems, to include:
  - Monitoring, reviewing, and analyzing system event and network flow logs in correlation with other security tools to identify potential security incidents.
  - The configuration of event logs from multiple sources and network flow data.
  - The development and/or modification of event reports to identify suspicious behavior or potential violations of agency policy.
• Support the operation and management of a vulnerability scanner, to include:
  - Conducting vulnerability assessments and configuration compliance scans of workstations, servers, and network infrastructure.
  - Performing web application and database vulnerability scanning, if needed.
  - Performing source code analysis, if needed.
  - Performing penetration testing to validate identified vulnerabilities, if needed.
  - Analyzing vulnerabilities, developing mitigation strategies, and working with operational stakeholders to remediate identified vulnerabilities.
• Support incident response activities, to include:
  - Validating threats detected by perimeter devices, the SIEM system, and forensic tools.
  - Assessing the source and impact of the threat.
  - Prioritizing responses, fully understanding the risk of each threat, and remediating if needed.
• Develop Regex (Regular Expressions) scripts as needed to develop custom rules and queries.
• Develop and document standard operating procedures (SOPs) as needed.
• Demonstrated experience serving in a lead role performing tasks that may include, but not be limited to: Incident Response, Endpoint Detection and Response, Network Monitoring, Intrusion Detection/Prevention, and SIEM use and administration.
• Demonstrated experience leading efforts to respond to and analyze incidents, identifying their root cause and potential impact.
• Demonstrated ability to think critically and creatively to develop innovative solutions to software problems.
• Strong analytical skills with the ability to analyze data sets to determine trends, establish strategies, and make decisions.
• Outstanding interpersonal and communication skills with the ability to effectively communicate across diverse audiences and influence cross-functionally.
• Ability to multi-task as well as be strategic, creative, and innovative in a dynamic, fast-paced matrix team environment.

At Indigo IT, we offer an expansive benefits package for our employees, which includes Medical, Dental, and Vision coverage options. In addition, we offer 401(k) with company match, Group life and disability, Flex Spending Accounts (FSA), Paid Time Off (PTO), Paid holidays, and Education assistance. We also have in-house training programs for employees, and we reward thought leadership with bonuses and recognition for publishing, speaking, and innovative thought leadership in our industry.

Indigo IT is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. This employer uses E-Verify.


  • Sr SOC Engineer

    1 month ago


    Washington, United States Pennant Solutions Group Full time

    Senior SOC Engineer. Location: Washington, DC. Clearance: Top Secret. Responsibilities include responding to and resolving cybersecurity incidents, as well as proactively preventing their recurrence. Utilize cutting-edge principles, theories, and concepts to contribute to the development of new strategies. Tackle complex problems and...

  • SOC Manager

    2 months ago


    Washington, United States Electrosoft Full time

    Electrosoft Services, Inc. is an award-winning company that provides comprehensive technology-based solutions and services to federal customers. While cybersecurity is our specialty, we also focus on ICAM, enterprise IT modernization, and software solutions. We always seek to delight our customers, so we retain highly qualified employees and offer them...

  • Consultant Manager SOC

    3 months ago


    Washington, United States Trusted Advisors Full time

    Job Description: On behalf of a subsidiary of an international bank, we are looking for a SOC Consultant Manager to steer the SOC's operational activities, manage the team of SOC engineers (admins and SOC analysts), and ensure the SOC evolves according to client needs and the state of the art. NB:...

  • SOC Analyst

    3 months ago


    Washington, United States Serigor Inc. Full time

    Job Title: SOC Analyst - Tier 1 (Onsite). Location: Washington, DC. Duration: 12 Months+. Job Description: The client is the central technology organization of the client Government. It sets the standard for a number of information technology functions including the security policies and procedures for the District's IT footprint...


  • Washington, Washington, D.C., United States Fusion Technology Full time

    Job Summary: Fusion Technology is seeking a highly skilled SOC Lead/Project Manager to support a Government Agency in providing project management services and managed security services in support of the development, implementation, and operation of the Agency's IT security program and service unit security needs. Key Responsibilities: Ensure that contractor...


  • Washington, United States Fusion Technology Full time

    SOC Lead/PM. Who are you? You have the ability to obtain and maintain a government-issued public trust clearance. You have the relevant experience and training to lead and manage a SOC environment and individual contributors. What you will do: The Virtual Security Operations Center (VSOC) Lead will support a Government Agency and provide...


  • Washington, United States RAMPS International Inc. Full time

    Role: SOC Analyst/Security Engineer. Duration: Long term. Location: Washington, D.C. ESSENTIAL DUTIES: The position's essential duties include the following: • +/- 5 years' experience as a qualified security analyst • Defines and implements security configurations for threat detection/prevention tools • Integrates threat,...

  • SOC Analyst

    2 months ago


    Washington, United States ShorePoint Full time

    Salary: Who we are: ShorePoint is a fast-growing, industry-recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality...

  • Front-End Days

    2 weeks ago


    Washington, United States Experis Full time

    One of our premier clients in the DC market is seeking a SOC Analyst to join their growing team. This role is 100% ONSITE & the candidate must have or be eligible for a security clearance. Job specs: • Active participant in 24x7 operations specific to Days shifts. This includes proactively monitoring and providing near-real-time cyber security status and...

  • Financial Analyst Sr

    3 weeks ago


    Washington, United States Elevance Health Full time

    Financial Analyst Sr Location: This position will work a hybrid model (remote and office). The ideal candidate will live within 50 miles of one of our Indianapolis, IN or Seattle, WA Elevance Health PulsePoint locations. The Financial Analyst Sr will be responsible for preparing financial and business-related analyses and researching in such areas as...


  • Washington, United States Atollo Full time

    Exciting opportunity for a Full-Time Senior Public Affairs Analyst at ATOLLO in Washington, DC. Join a dynamic team that values experience and knowledge and is passionate about problem-solving and excellence. Be part of a customer-focused culture that encourages forward-thinking and professionalism. Are you ready to showcase your...

  • Sr. Analyst(s)

    1 month ago


    Washington, Washington, D.C., United States MPOWER Financing, Public Benefit Corporation Full time

    MPOWER Financing, Public Benefit Corporation in Washington, DC is seeking Sr. Analyst(s) (Marketing Analytics) to research conditions in local, regional, national, & online markets. No travel required. WFH benefit available. Salary: $91,416/yr. Email resumes to: careers@


  • Washington, United States Fusion Technology LLC Full time

    SOC Lead/PM. Who is Fusion Technology? Fusion Technology is a performance-driven HUBZone Small Business concern residing in the heart of the beautiful mountainsides of West Virginia, steps away from the Federal Bureau of Investigation's Criminal Justice Information Services Division's Headquarters. Founded in 2007 by...


  • Washington, United States MindPoint Group Full time

    Position: Cybersecurity Threat Analyst - Clearance Required - Remote. Department: DOJ JSOC-HUD. Overview: MindPoint Group, LLC is seeking a skilled Cybersecurity Threat Analyst to join our esteemed Cyber Threat Hunt team. This role is pivotal in enhancing our client's operational capabilities, and you will collaborate with a dedicated and knowledgeable team...


  • Washington, Washington, D.C., United States ShorePoint Full time

    Job Overview. Position Title: SOC Analyst (Night Shift) - Top Secret Clearance. Company Overview: ShorePoint is a rapidly expanding, award-winning firm specializing in cybersecurity services, dedicated to serving high-profile clients in both the private and public sectors. Our mission is to provide unparalleled security solutions to safeguard sensitive...

  • Sr. Data Analyst

    1 month ago


    Washington, United States The National Park Foundation Full time

    The National Park Foundation (NPF) is seeking a motivated, highly skilled Sr. Data Analyst to join the IT team. This key support role is instrumental to the success of NPF’s IT priorities. The Sr. Data Analyst will work closely with the Vice President, IT, and different departments to plan, coordinate, and implement effective...

  • Sr. Data Analyst

    3 weeks ago


    Washington, United States The National Park Foundation Full time

    The National Park Foundation (NPF) is seeking a motivated, highly skilled Sr. Data Analyst to join the IT team. This key support role is instrumental to the success of NPF’s IT priorities. The Sr. Data Analyst will work closely with the Vice President, IT, and different departments to plan, coordinate, and implement effective...

  • Sr Curam Analyst

    3 weeks ago


    Washington, United States AHU Technologies Inc Full time

    TITLE: Sr Curam Analyst. LOCATION: Washington, DC / Remote. MINIMUM EDUCATION: Bachelor’s degree in IT, a related field, or equivalent experience. REQUIRED EXPERIENCE: 16 years. INTERVIEWS: Webcam Only. Job Description: The client is looking for a Curam Business Analyst, responsible for working closely with the client's technical workstreams and functional...