Cyber Security Operations Specialist / CSOC Tier 2
Company: CACI International Inc.
Location: Springfield
Posted on: January 26, 2023
Job Description:
Cyber Security Operations Specialist / CSOC Tier 2
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None

CACI's Transport & Cybersecurity Services (TCS) program has an immediate opportunity for a Cyber Security Operations Specialist / CSOC Tier 2 to join our team in Springfield, VA (or) St. Louis, MO!

TCS offers a long-term, CACI prime contract opportunity supporting the National Geospatial-Intelligence Agency's (NGA) GEOINT mission. Our team of talented Network and Cybersecurity professionals helps design, develop, procure, implement, operate/sustain, and enhance NGA networks and cybersecurity posture in support of national security.

Joining the TCS Team means working with leading-edge technologies, on high-performing cyber / network security teams, and gaining invaluable skills that can propel your career!

What You'll Get to Do:
As the Cyber Security Operations Specialist, you will provide CSOC Tier 2 services: 24x7x365 coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents. CSOC Tier 2 services include malware and implant analysis, and forensic artifact handling and analysis. When a CIRT is stood up, all contractors in support of CSOC Tier 2 services will be under the direct control of, and take direction from, the Government CIRT Commander. While not in a period of incident response, you will conduct continuous exercises and dry runs to improve response outcomes in the event of a cyber incident.

More About the Role
- Coordinate and implement tasks, performing analysis, and
building/documenting response activities required during cyber
security incident response, to include but not limited to actions
such as implementing containment measures, IP blocks, domain
blocks, and disabling user accounts on direction of the
Government.
- Coordinate with Security and Installations Directorate (SI)
Office of Counterintelligence (SIC), Insider Threat Office (SIII),
in addition to other law enforcement and counter intelligence
personnel as required to perform advanced investigation and triage
of incidents
- Collaborate with appropriate authorities in the production of
security incident reports
- Categorize incidents and events
- Coordinate with other contracts, organizations, activities, and
other services as appropriate to ensure incidents are properly
reported, contained, and eradicated
- Coordinate with other contracts, organizations, activities, and
other services as appropriate to de-conflict blue / red team
activity with open incidents/events
- Coordinate with other contracts, organizations, activities, and
services to ensure NGA recovers from an incident/event
- Build timelines, documents, briefings, and other products as
required to inform stakeholders of incident response actions,
analysis, and the impact of both adversary activity and blue force
response actions
- Document actions taken and analysis in the authorized ticketing
system
- Develop, generate and update reports in the Joint Incident
Management System (JIMS), Incident Case Management System (ICMS),
and/or other authorized reporting systems as directed
- Develop, maintain, sustain, and execute custom scripts, tools,
and capabilities to collect and analyze data, and to respond to
incidents/events
- Perform digital media analysis on host, server, and network
data as required to analyze and respond to an incident, to include
but not limited to volatile and non-volatile memory and/or system
artifact collection and analysis
- Develop and identify indicators of compromise to send to Cybersecurity stakeholders and other Contract Services
- Provide adversary attribution
- Perform malware analysis and signature development
- Provide input to and coordinate with all applicable
stakeholders to develop and deliver the daily CSOC Significant
Activity Report, the daily CSOC Operations Update, and the Weekly
CSOC Status Report
- Serve as C-IRT members as required and serve under the direct
control of, and take direction from, the Government C-IRT
Commander
- Develop and coordinate courses of action with various
Government and contract stakeholders, and execute Defensive
Cyberspace Operations-Internal Defensive Measures on NGA networks
and systems
- Perform digital media analysis and malware reverse engineering
on host, server, and network data as required to analyze and
respond to an incident, to include but not limited to volatile and
non-volatile memory and/or system artifact collection and
analysis.
- When properly authorized by the Government, execute custom
scripts, tools, and capabilities to collect and analyze data, and
to respond to incidents/events
- Develop, document, and provide to the Government incident
investigation reports which include sufficient information to
document the entire lifecycle of the incident and the response,
including but not limited to adversary and friendly forces
activity, host and network analysis, timelines, and recommendations
for corrective actions, recommendations for new Tactics,
Techniques, and Procedures (TTP) and other recommendations as
appropriate, within 30 days of C-IRT stand-down
- Conduct Quality Control reviews of a percentage of closed CSOC Tier 2 tickets each week to ensure proper analysis, categorization, documentation, and notification

You'll Bring These Qualifications

Clearance:
- TS/SCI (current); with the ability to successfully pass/maintain a Government Polygraph (post-hire)

Certification(s):
- DoD 8140.01 / 8570.01-M IAT Level II Certification
(current)
- Ability to obtain/maintain CSSP Analyst certification within 120 days of start

Education / Experience:
- Bachelor's Degree and four (4) years of relevant work experience. Additional experience may be considered in lieu of a degree.

Work Schedule:
- Ability to work one (1) or more of five (5) work shifts

Skills & Technologies:
- TCP/IP
- Protocol analyzers
- Network protocols
- Cyber Attack Lifecycle
- MITRE ATT&CK framework
- Obfuscation techniques (e.g. base64, rot13, XOR, URL encoding)
- Utilizing a SIEM for event analysis

These Qualifications Would Be Nice to Have
- IAT Level III
- Scripting Skills (Bash or Python)
- Static file signatures (e.g. "magic numbers")
- Hex editor
- JavaScript

What We Can Offer You:
- We've been named a Best Place to Work by the Washington
Post.
- Our employees value the flexibility at CACI that allows them to
balance quality work and their personal lives.
- We offer competitive benefits and learning and development
opportunities.
- We are mission-oriented and ever vigilant in aligning our
solutions with the nation's highest priorities.
- For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.

Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers.

CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

As a federal contractor, CACI is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.