SOC Analyst II
Agile Defense, Inc.
•
Washington DC
Type
Full Time
Job Description
Requisition #: SOCAN003777
Job Title: SOC Analyst II
Location: 380 Herndon Parkway, Herndon, Virginia 20170 (Hybrid)
Clearance Level: Active DoD Public Trust
SUMMARY
The Smithsonian Institution is a public trust whose mission is the increase and diffusion of knowledge. The Smithsonian was established by the United States Congress and includes 19 museums, the National Zoological Park, 9 research centers and numerous research programs. The Smithsonian's assets include a variety of critical information resources, such as collections information, digital collections, research data, intellectual property, donor information, financial data and transactions, and computing assets (hardware and software).
Agile Defense is seeking a SOC Analyst to support IT Security Staff (ITSS) with the Security Operations Center's Incident Response (IR) capabilities. The ITSS within OCIO manages the enterprise IT security program for the Institution. ITSS works closely with IT staff and other personnel from throughout the Institution on IT security initiatives and processes. ITSS consists of the Security Operations Center (SOC), Systems Risk Management (SRM), PCI Compliance, and Security Architecture & Engineering. The SOC Analyst will be responsible for working as part of an integrated security team composed of federal employees and contractors from multiple companies. The SOC analyst will also support the day-to-day IR activities and will be responsible for the daily review of security events.
JOB DUTIES AND RESPONSIBILITIES
- Investigating security events using various OCIO and industry tools to identify potential incidents, and taking action to contain incidents in progress.
- Monitoring and analyzing logs and alerts from a variety of systems and tools across multiple platforms in order to respond to and report suspected or actual security breaches.
- Developing procedures for use, interpretation, and response to the monitoring and alert information collected.
- Monitoring security systems and events to detect and investigate threats, identifying and analyzing traffic trends, assessing the impact of security alerts and traffic anomalies on the Smithsonian network in order to make appropriate recommendations.
- Daily and hourly monitoring of the SOC's incident reporting email box.
- Supporting IR team activities in response to security incidents. Activities include, but are not limited to, ensuring each incident is worked from detection through closure, leading IR meetings and analysis with other SI units, providing situational awareness information to SI units, correlating multiple alerts and incidents to identify widespread attacks, and providing incident status reports to SI management and other stakeholders.
- Maintaining and updating the incident management tool to reflect the SOC's IR procedures.
- Performing in-depth analysis and forensics, analyzing incident data, recommending solutions, coordinating response activities, and preparing reports for management.
- Supporting the IR team during incidents to mitigate the incident and to improve the security posture so as to reduce the likelihood of recurrence.
- Reporting incidents to appropriate external entities and coordinating with OIG investigators, US-CERT, and law enforcement as appropriate based on SI policies.
- Creating and maintaining applicable IR plans and procedures.
- Developing IR training and exercise materials.
- Coordinating and conducting periodic IR training sessions and exercises.
- Creating and reporting metrics on the effectiveness of the IR procedures.
- Advising system owners and administrators on improving techniques for detecting and logging potential incidents.
- Collecting, preserving, and interpreting electronic evidence related to incident investigations.
- Supporting information gathering and preparing responses to data calls and assessments conducted by external organizations, including but not limited to the Office of Management and Budget (OMB), the Department of Homeland Security (DHS), and the U.S. Government Accountability Office (U.S. GAO).
- Coordinating with internal Smithsonian organizations.
QUALIFICATIONS
Education, Background, and Years of Experience
- Bachelor's degree.
- Minimum of 5 years of incident response experience.
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
- Experienced with using Splunk Enterprise Security to review security events and perform searches. Familiar with Splunk risk-based analysis features.
- Has previously supported a security operations center and IT security incident response activities.
- Proven analytical skills to assess and respond to various IT security incidents.
- Broad technical background with a strong understanding of network architectures and communications, operating systems (e.g. Microsoft and Linux), web platforms, and databases in order to respond to incidents and determine incident root causes.
- Experienced with log and event correlation tools specifically Splunk Enterprise and Enterprise Security and able to perform queries and reviews of alert information to determine possible security incidents. Experienced with creating and managing Splunk dashboards for event monitoring.
- Familiar with NIST and DHS US-CERT incident response requirements and guidelines.
- Ability to work independently and with other teams.
- Good writing, interpersonal and communication skills; proficient with standard office automation tools, e.g. Microsoft Office.
WORKING CONDITIONS
Environmental Conditions
- Contractor site with 0%-10% travel possible. General office environment. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
Strength Demands
- Sedentary: 10 lbs. maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Physical Requirements
- Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull
About Us!
Agile Defense provides leading-edge Digital Transformation solutions to support and advance our customers' mission. We deliver innovative and high-quality services to our customers worldwide through an empowered and engaged workforce.
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. We believe several attributes are the root of our very best employees and extraordinary culture. We have named these attributes "The 6 H's" - Happy, Helpful, Honest, Humble, Hungry, and Hustle.
- Happy: We exhibit a positive outlook in order to create a positive environment.
- Helpful: We assist each other and pull together as teammates to deliver.
- Honest: We conduct our business with integrity.
- Humble: We recognize that success is not achieved alone, that there is always more to learn, and that no task is below us.
- Hungry: We desire to consistently improve.
- Hustle: We work hard and get after it.
These Core Values are present in all our employees and in every aspect of our organization. Learn more about us and our culture on our website.
COVID-19 Vaccination Requirements
Agile Defense is subject to federal vaccine mandates or other customer/facility vaccination requirements as a federal contractor. As such, to protect its employees' health and safety and comply with customer requirements, Agile Defense may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Date Posted: 08/13/2023