Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible to monitor, detect, analyze, mitigate, and respond to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.
The DHS SOC Support Service Contract has a need for a Tier 1 Email Security Analyst. This is a full time funded position based in Washington DC. This position does not have Telecommuting Options.
The ideal candidate will have a basic understanding of cyber threats, information security, and monitoring and detection. The candidate must be familiar with phishing campaigns and social engineering concepts in regard to email, intrusion detection systems, and netflow analysis.
Duties and Responsibilities:
Perform email security monitoring and threat detection. Proactively search for threats. Inspect mail traffic and alerts for anomalies and new attack patterns to identify true positives and recommend network firewall and email filtering adjustments. Investigate and analyze logs and email headers to differentiate spoofed vs compromised email. Provide analysis and response to alerts, and document activity in ESOC investigations and Security Event Notifications (SENs).
EDUCATION & EXPERIENCE:
Requires BS degree and 2 - 4 years of relevant experience or Masters with less than 2 years of relevant experience. Additional related experience and certifications may .be considered in lieu of a degree.
Minimum of a current Secret Clearance with the ability to obtain TS/SCI
In addition to specific clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
Between 1-3 years of Cyber Threat Analysis
Security+ Certification or equivalent in industry certification, background and knowledge.
Knowledge of TCP/UDP/IP networking, familiarity with packet analysis tools such as WireShark, and a general understanding of networking protocols similar to COMPTIA Network+, familiarity with or ability to learn regex