Cyber Security Operations Specialist II - CSOC Tier 1

CACI International Inc St. Louis, MO

Company

CACI International Inc

Location

St. Louis, MO

Type

Full Time

Job Description


Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: TS/SCI with Polygraph

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Local

CACI's Transport & Cybersecurity Services (TCS) program has an immediate opportunity for a Cyber Security Operations Specialist (CSOC Tier 1) to join our talented team in Springfield, VA!

TCS offers a long-term, CACI prime contract opportunity supporting the National Geospatial-Intelligence Agency's (NGA) GEOINT mission. Our team of talented Network and Cybersecurity professionals helps design, develop, procure, implement, operate/sustain, and enhance NGA networks and cybersecurity posture in support of national security. Joining the TCS Team means working with bleeding-edge technologies, on high-performing cyber / network security teams, and gaining invaluable skills that can propel your career!
More about CACI's TCS program: https://careers.caci.com/global/en/tcs-jobs

Position Overview:

As the Cyber Security Operations Specialist, you will provide CSOC Tier 1 services, which is 24x7x365 coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents. CSOC Tier 1 services include recording, investigating, and processing events received via walk-ups, phone calls, email, chat, web, cybersecurity tools, and enterprise tools. The Cyber Security Operations Specialist will require a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level II (pre-hire requirement) and will be required to obtain/maintain a compliant CSSP Analyst certification within 120 days of start date (post-hire requirement).

More about your role:
  • Utilize the SIEM to perform 24/7 monitoring, detection, and initial triage (identify, investigate, categorize, prioritize, ticketing, and forwarding) of events/alerts/incidents. The SIEM processes approximately 100,000 Correlated Events Per Second;
  • Create tickets in the agency directed ticketing system for all alerts/incidents;
  • Obtain and aggregate all artifacts, data, screen shots, and other products from assets within Network Security Services, Endpoint Security Services, Cybersecurity Data Analysis Services, and other NGA assets as needed to complete the ticket for higher tier analysis;
  • Submit tuning requests as needed to Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services;
  • Interact with and generate tickets on behalf of CSOC customers through multiple means of communication, to include but not limited to walk-ins, phones, web, email, and text-based chat systems;
  • Document the steps used to analyze and triage an event/alert/incident with sufficient detail to enable the government and other contract services to systematically reconstruct them after Tier 1 analysis;
  • Monitor the CSOC virus submit mailbox and perform initial assessment of emails to determine if they are SPAM, phishing emails, or malware;
  • Provide custom metrics to support regular and ad hoc reporting requirements (e.g., incident category types, tools used, number of indicators, time opened at each step, trending statistics, service availability, system utilization, etc.);
  • Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report.


You'll Bring These Qualifications:

Clearance:
  • TS/SCI (current); Ability to successfully pass/maintain a Government Polygraph (post-hire)


Certification(s):
  • DoD 8140.01 / 8570.01-M IAT Level II Certification (current); Ability to obtain/maintain CSSP Analyst certification within 120 days of start (post-hire)


Education / Experience:
  • Bachelor's degree and four (4) years of relevant work experience, to include two (2) years of experience in cyber / CSOC / network security. Additional experience may be considered in lieu of a degree.


Work Schedule:
  • Ability to work one (1) or more of five (5) work shifts


Skills & Technologies:
  • TCP/IP
  • Protocol analyzers
  • Network protocols
  • Cyber Attack Lifecycle
  • MITRE ATT&CK framework
  • Obfuscation techniques (e.g., base64, rot13, XOR, URL encoding)
  • Utilizing SIEM for event analysis


These Qualifications Would Be Nice to Have
  • IAT Level III
  • Scripting Skills (Bash or Python)
  • Static file signatures (i.e. "Magic Numbers")
  • Hex editor
  • JavaScript


What We Can Offer You:
  • We've been named a Best Place to Work by the Washington Post.
  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
  • We offer competitive benefits and learning and development opportunities.
  • We are mission-oriented and ever vigilant in aligning our solutions with the nation's highest priorities.
  • For over 55 years, the principles of CACI's unique, character-based culture have been the driving force behind our success.


TCS2

Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

As a federal contractor, CACI is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.

Date Posted

09/04/2022
