Clearance Level Must Be Able to Obtain: Agency Specific, No Suitability Required
We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important.
At GDIT, people are our differentiator. Our work depends on a Security Operations Center Engineer joining our team at the Office of the Comptroller of the Currency (OCC) to support activities in Washington, DC. The OCC's Mission is to ensure a safe and sound banking system for all Americans.
Level of Clearance Required: U.S. citizenship and a background investigation are required; you must have a current clean financial background to obtain an agency-specific Public Trust.
In this role, a typical day will include:
- Monitor the security tools at the OCC CDC CEM, including but not limited to SIEM, Proxy, IPS/IDS, Firewall, Active Directory, Vulnerability Scanner, Anti-Malware, Endpoint Security, Web Application Firewall, NetFlow, Packet Capture, computer log files, etc., to maintain situational awareness and satisfy the CEM 24x7 monitoring requirement.
- Proactively protect the OCC. The CEM analyst will look for unusual activity by reviewing all available information including but not limited to the above referenced tools and investigate any unusual activity that is detected.
- Investigate all security alerts received by the CEM. The investigation will make use of all tools and log files possible. The investigation will determine if the alert is a false positive, a security event, an actual attack, and/or a security incident. The investigation will answer and report on the who, what, where, when, and how of the occurrence. The investigation will report on any actions taken to contain and/or remediate the situation and any recommendations for further action. The investigation will include a historical summary of previous investigations of the same alert.
- Investigate anything requested by management or the CSO at their discretion. The investigation will be performed as described above.
- Provide cybersecurity root-cause analysis in support of any tickets that fail to meet the Acceptable Quality Levels (AQLs) specified in the PRS. This root-cause analysis will include documenting recommendations for corrective action.
- Escalate any security incident (one in which the confidentiality, integrity, or availability of any information or information asset is negatively impacted) to Incident Response (IR). Further, the CEM analyst will enlist the assistance of IR for any situation that requires skills exceeding those of the CEM analyst/team, or that requires more manpower than is available to the CEM team.
- Perform a shift handoff at the end of every shift. The shift handoff will provide situational awareness to the incoming shift. The shift handoff will also instruct the incoming shift to finish investigations, reports and other work which was not completed by the outgoing shift, and provide all details required for the incoming shift to easily pick up the work where it was left off. The shift handoff information will be recorded in the shift report in the format described in the shift report SOP.
- Will write and distribute reports, including but not limited to the Shift Report, the Daily Virus Report, the Daily Activities Report, the Daily Shift Tracker, the Weekly Activities Report, the Blue Coat Report, Investigation Reports, etc., as described in their respective SOPs, ad hoc as the need arises, or as directed by management.
- Will write investigation reports, other reports, emails, and any other communications using proper grammar, so that they are easily understood, logically constructed, and complete to the point that no likely questions remain unanswered.
- Will process and complete tickets received from ServiceNow, such as Non-Standard Software Request, Unblock Request, Lost and Stolen, etc., in the manner described in their respective SOPs. Any ServiceNow tickets not completed and closed by the end of the shift must be handed off to the next shift for completion.
- Will process and complete tickets received from CDC Tracker. Any CDC Tracker tickets not completed and closed by the end of the shift must be handed off to the next shift for completion.
- Will investigate all reported suspicious emails and determine whether the email is malicious, non-malicious or legitimate. The CEM Analyst will categorize and file the reported email to support tracking and reporting activities. The CEM analyst will reply to the user who reported the suspicious email with a message reporting the determination and any recommendations.
- Will maintain their laptop and all software on it in a state of readiness necessary to support all activities required of the CEM analyst.
- Will read all emails they receive and handle each as required, whether by responding, investigating, reporting, acknowledging, filing and categorizing for future reference, etc.
- Will attend all meetings and conference calls that may be required. The CEM analyst will take notes as appropriate and report pertinent information to the rest of the CDC as appropriate.
- Will update their timesheet every day and keep it current as of the close of that day.
- Will assist coworkers where necessary, including but not limited to onboarding, training, investigations, reports, etc.
- Required to complete periodic training such as Security Awareness Training, Privacy Training, Sexual Harassment Training, etc.
- Bachelor of Science in Computer Science, Systems Engineering, Cybersecurity, Information Technology, or a related area
- Minimum of 1 year of experience in a Security Operations Center environment; exceptions may apply based on other factors
- At least one of the following certifications: Network+ or Security+
- Working knowledge of the policies, procedures, and protocols of a government Security Operations Center
- Knowledge of numerous security tools and technologies, including some of the following and/or closely comparable security technologies: McAfee Nitro SIEM, McAfee IDS/IPS, Imperva web application firewalls, McAfee Enterprise Antivirus, BlueCoat, Symantec DLP, FireEye, Guardium, Firewalls, QualysGuard, AppScan, and others; ServiceNow experience
- Experience at the U.S. Department of the Treasury
- Previous SOC management experience at a federal agency similar in size, scope, and complexity
WHAT GDIT CAN OFFER YOU
Autonomy, career mobility, challenging work, and team environment
Discover more at www.gdit.com/careers
General Dynamics Information Technology is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Telecommuting Not Allowed
USA DC Washington