Cybersecurity Operations Specialist - Tier 3

ECS Federal, Washington, DC 20319

Posted 2 weeks ago

ECS is seeking a Cybersecurity Operations Specialist - Tier 3 to work in our Washington, DC office.

Job Description:

  • Cloud Security: Plan, implement, upgrade, or monitor security measures for the protection of House assets and information hosted on cloud platforms. Understand and perform security analysis on industry-standard cloud platforms. Develop standard operating procedures pertaining to cloud-based security event handling.

  • Detection Engineering: Create custom detection mechanisms that correlate numerous log sources to alert on potential intrusions. Create and maintain corresponding documentation for future event handling.

  • Incident Response: Assist in leading all facets of an IR. Familiarity with execution and detection for all steps within the Cyber Kill Chain. Provide remediation recommendations as they pertain to the House network.

  • Log Analysis and Event Detection: Understand and identify log sources across many varied systems. Have the ability to analyze, parse, institutionalize, and train others on the contents of these logs. Review these logs to determine potentially useful events. Identify content enrichment sources for both new and existing datasets and methods of providing additional context to enrich them.

  • Malware Analysis: Organize requests for information that include dissecting and evaluating the behavior of malware samples using static and dynamic analysis. Additionally, extract and document IOCs for further detection and investigation.

  • Network Access Control: Maintain a foundational knowledge of enterprise NAC solutions and apply that knowledge to extracting and parsing network logs to develop NAC event handling and response controls.

  • Security Automation: Experience creating, maintaining, and troubleshooting automation playbooks that assist in the operation of SOC tasks. Experience in Python & PowerShell desired.

  • Threat Hunting: Develop hypotheses and testing plans to identify anomalous behavior. This will involve delegating and tracking IOC sweeps as needed and performing intricate investigations into individual TTPs. This will also involve coordinating and collaborating with system points of contact to determine and confirm expected vs. unexpected and anomalous behavior. Create a final report detailing findings, lessons learned, new detections, and potential use cases.

Salary Range: $110,000 - $122,000

General Description of Benefits

Required Skills:

  • Proficiency in utilizing Splunk when supporting or leading investigations

  • The ability to identify new data sources for determination of security events:

      • Analyze raw data sources to extract, institutionalize, and document actionable events.

      • Review existing security events and propose refinements, automation, and/or broadened handling capabilities as appropriate.

  • The ability to communicate the current status of House security:

      • Identify and report on metrics related to the operations of the team.

      • Identify and report on project status related to augmenting detection ability.

  • Subject Matter Expert (SME) on two or more of the following: Log Analysis/Event Detection, Malware Analysis, Cloud Security, Network Access Control, Security Automation, Incident Response, Detection Engineering, Cyber Threat Hunting.

  • Has the ability to work with security tools that emulate adversary-like actions, and with personnel, to develop, document, and test detection mechanisms and to close the loop by working with the applicable teams to improve the security of the House by resolving findings.

  • The ability to develop detailed, multi-month, resourced project plans and provide timely updates.

  • Works with executive management to determine acceptable levels of risk for the enterprise.

  • Ability to lead in the development of technical security standards to support policies including monitoring standards and incident investigation procedures.

  • Coordinate incident response with security operations staff and serve as incident response or hunt lead.

  • Has the ability to develop and document a hunt plan and the capability to develop standardized detection mechanisms based on the hunt plan.

  • Ability to work with staff to develop a vision and independently lead the implementation of new capabilities.

  • Ability to lead in the development and performance of quality control checks for Cybersecurity operations.

  • Ability to lead in the development and performance of operational metrics for Cybersecurity operations.

  • Ability to lead in the development and performance of project management for Cybersecurity operations.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
