EverWatch is a government solutions company providing advanced defense, intelligence, and deployed support to our country’s most critical missions. We are a full-service government solutions company. Harnessing the most advanced technology and solutions, we strengthen defenses and control environments to preserve continuity and ensure mission success.
EverWatch is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age (40 or older), disability, genetic information, citizenship or immigration status, and veteran status or any other factor prohibited by applicable law.
EverWatch employees are focused on tackling the most difficult challenges of the US Government. We offer the best salaries and benefits packages in our industry - to identify and retain the top talent in support of our critical mission objectives.
ResponsibilitiesWe are looking for an experienced Security Operations Center (SOC) Tier II Analyst to improve monitoring strategies and analyze threats to safeguard infrastructure supporting global missions focused on seeking out and eliminating cyberspace threats to defend the United States and its Allies. You will guide the team on best practices and security measures. You'll configure defense tools, create reports, and dashboards and build custom queries. You will make recommendations to leadership on best practices to harden infrastructure and improve alerting. You'll lead incident response and remedy potential incidents escalated from Tier 1 SOC Analysts. You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You will guide efforts to assess how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events to identify patterns and provide mitigation techniques and strategies. Finally, you will apply knowledge of attacker techniques to uncover threats by analyzing log data, and building and tuning detections.
QualificationsQualifications:
6+ years of experience in modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident responseExperience with writing detections within SIEM solutions, including Splunk, ArcSight, ElasticSearch, or Azure SentinelExperience with Intrusion Detection System or Intrusion Prevention System (IDS/IPS) monitoringKnowledge of the basic functions and configurations of Bro or ZeekKnowledge of OS internals, including Windows, Linux, or MacKnowledge of common security threats and vulnerabilitiesAbility to perform Nessus scans and review results, firewall configurations, and Linux hosts for indicators of compromise and hardening of Linux systemsTS/SCI clearance with a polygraphBachelor's degreeIAT Level II Certifications
Nice If You Have:
Experience in creating and debugging Splunk Dashboards and creating Snort rules Experience with security subjects and trends, including digital forensics, reverse engineering, and penetration testingExperience with security principles in virtual and hosting software, including MISP, HIVE, CORTEX, WikiJS, VPN, and SecurityOnionExperience with leading teams in a technical capacityExperience with leveraging common scripting languages, including PowerShell or Python to parse logs and automate repeatable tasksAbility to use Splunk to hunt for indicators of compromise, create Splunk Dashboards, and review logsAbility to code or script using any languageAbility to partner and collaborate with teams, both internal and external, including developers, vendors, analysts, tech leads, and project managersDOD 8570 CSSP Analyst Certification GCIA, GSLC, GCIH, CISM, CISSP, or- CEH Certifications Clearance Level TS/SCI polygraph Job Locations US-MD-Annapolis Junction Skills SIEM, Intrusion Detection Options Apply for this job onlineApplyShareEmail this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Application FAQsSoftware Powered by iCIMS
www.icims.com