DUTIES AND RESPONSIBILITIES

The incumbent will utilize advanced technical background and experience in information technology and incident response handling to scrutinize and provide corrective analysis to escalated cybersecurity events from Tier 1 and 2 SOC Analysts - distinguishing these events from benign activities and escalating confirmed incidents to the Incident Response Lead Tier 3 Analysts and/or SIEM Engineer. Provides in-depth cybersecurity analysis, and trending/correlation of large data-sets such as logs, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents and make sound technical recommendations that enable expeditious remediation. Proactively searches through log, network, and system data to find and identify undetected threats.

Supports security tool/application tuning engagements, using McAfee ESM and McAfee ePO, with analysts and engineers to develop/adjust rules and analyze/develop related response procedures, and reduce false-positives from alerting. Identifies and ingests indicators of compromise and attack (IOC’s/IOA’s) (e.g., malicious IPs/URLs, etc.) into network security tools/applications to protect the Government of the District of Columbia network. Quality-proofs technical advisories and assessments prior to release from the SOC. Coordinates with and provides in-depth technical support to enterprise-wide technicians and staff to resolve confirmed incidents. Reports common and repeat problems, observed via trend analysis, to SOC management and Tier 3 SOC Analysts and proposes process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling. Formulates and supports development of technical best-practice SOPs and Runbooks for SOC Analysts. Responds to inbound requests via phone and other electronic means for technical assistance and resolve problems independently with minimal supervision. Coordinates escalations with Tier 3 SOC Analysts and collaborates with internal technology teams to ensure timely resolution of issues. Performs other related duties as assigned.