XOR Security is currently seeking a Network Security Specialist - Cyber Security Operations Support to support an Agency-level SOC. The SOC program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communication skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables, with experience in complex malware analysis techniques, scripting, coding, and content development. Examples of complex analysis techniques include malware de-obfuscation, examining code, sandbox/dynamic analysis, and memory analysis.
- Conduct technical analysis of network traffic to identify anomalies, which may represent potentially malicious activity, and document the analysis in prescribed formats
- Monitor and understand emerging threats reported in open sources, defined as those technical vulnerabilities and exploits that could present a threat to government networks; analyze tools and exploits, and document the analysis in prescribed formats
- Monitor IDS/IPS alerts, analyze associated network traffic, and document the analysis in prescribed formats
- Report detected incidents to agencies, work toward resolution, escalate when required according to SOP
- Develop IDS/IPS signatures based on indicators and analysis
- Test IDS/IPS signatures to determine successful detection and the level of false positives
- Deploy IDS/IPS signatures based on SOPs
- Conduct technical analysis of data from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities
- Assist with the development of mitigation strategies
- Coordinate, communicate, and share information with CS&C and NCCIC components
- Deploy to provide on-site support and assistance in the event of an exercise or cyber incident
- Identify and document network-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access
- Participate in inter-agency sponsored community-of-interest analysis groups, technical briefings, and exchanges
- Assist with developing and maintaining Standard Operating Procedures
- Support the collection and reporting of performance metrics
Requirements that candidates will be evaluated against:
- Bachelor’s degree
- Active TS clearance with ability to receive DHS SCI and EOD (current approved DHS EOD preferred)
- Advanced skills in developing IDS signatures and ability to conceptualize IDS signatures from otherwise disparate information
- Highly proficient in working with SNORT IDS software
- In-depth understanding of SOC/NOC operations
Preferred Qualifications or Skills:
- DODD 8570 Level II certification (SANS certifications, CISSP)
- Experience leading and managing within SOC/NOC operations
- Familiarity with Kill Chain for incident response
- Familiarity with malware analysis
- Familiarity with forensics
- Familiarity with incident response products and best practices
- Experience with databases (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint)
- Customer service experience
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and ACTIVE TOP SECRET CLEARANCE REQUIRED.