Security Operations Center (SOC) Analyst

Crystal City, Virginia
23 Nov 2016
09 Dec 2016
Contract Type: Full Time
Jacobs Technology Information Solutions Group (ISG) provides information technology solutions and services to a broad range of both Government and private industry, including the Department of Defense, Federal Civilian agencies, healthcare, education, and the small/medium business market. Our analysts, engineers, and technicians are highly trained, qualified subject matter experts who understand each segment's specialized business processes, requirements, and functions. Combined with an extensive IT background, Information Solutions Group's enhanced IT services enable our clients to analyze existing business processes, identify process improvements, evaluate associated risks, and develop operational solutions.

The Security Operations Center (SOC) Analyst supports the Joint Strike Fighter (JSF) Program located in Crystal City, VA. The selected candidate will:

  • Perform system and network analysis of suspected or potential security incidents
  • Audit and report all F-35 Program IT systems and subsystems
  • Use DoD provided and required tool suites and other approved tools/methods to perform vulnerability assessments to support C&A compliance and security controls
  • Provide evidentiary support, such as executing technical forensics and gathering results on any computing assets (including mobile devices), to support any investigation, inquiry, or litigation
  • Assist in the process of systems certification as directed by the F-35 CIO
  • Evaluate target systems to analyze results of scans, identify resolutions, develop POA&M, make recommendations, and continuously monitor requirements

The Security Operations Center (SOC) Analyst must have:

  • Experience in a SOC/NOC environment
  • Demonstrated knowledge in network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing
  • Familiarity (experience) with security and monitoring tools and methodologies (e.g. LogRhythm, HBSS, ACAS, SolarWinds, Splunk, Fortinet, IDS/IPS, SIEM, PMI, ITIL, ISO 9000, and CMMI), easily transitioning from one methodology to another
  • Develops metrics and reports on intelligence and incidents for senior management
  • Minimum of 10 years of information technology experience
  • Minimum of four (4) years' experience with Windows / Linux operating systems, baseline security configurations, audit, forensics, and patch management for these OSs
  • Designs and develops cyber incident response and handling program, including framework and processes
  • Provides oversight and coordination of cyber incident response (e.g., technical investigations including detect, contain, eradicate, recover stages, forensics)
  • Implements and maintains cyber incident response processes and technology (e.g., EnCase) to support computer and network forensics
  • Identifies incident/breach trends and incorporates them into training activities to reduce the likelihood of future incidents/breaches
  • Utilizes advanced analytics (key risk and performance indicators) to leverage internally and externally sourced cyber threat intelligence and historical security data to produce signatures and other techniques to detect and track APTs (Advanced Persistent Threats)
  • Conduct ongoing malware analysis, including reverse engineering on viruses, worms, Trojans, adware, spyware, backdoors, and rootkits affecting various assets
  • Examine and analyze electronic media to produce a report of findings that is sufficiently detailed and clear to a point it could be used in a legal case when/if required
  • Assist personnel in identifying observable criteria, features, or traits that the personnel can use to identify the presence of malware on the network
  • Provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation
  • Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability (CIA triad) of sensitive information
  • Provides technical evaluations of customer systems and assists with making security improvements
  • Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization
  • Conducts testing and audit log reviews to evaluate the effectiveness of current security measures
  • Will provide guidance and coordination for incident response efforts including triage, evaluation, coordination and executive reporting
  • Contribute to the creation, update and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that impact multiple platforms or methodologies
  • Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response
  • Assess the impact of potentially malicious traffic on company network and infrastructure
  • Perform in-depth analysis in support of network monitoring and incident response operations
  • Perform live incident response (reactive (active monitoring) and proactive (passive monitoring) incident management) by identifying and remediating malicious applications and infrastructure components
  • Develop/Monitor basic IDS/IPS rules to identify and/or prevent malicious activity including Security sensor policies for IDS/IPS, Firewalls, web security gateway and logging
  • Security review and administration of changes to networks, servers and end point devices in collaboration with network operations
  • Familiarity with the REMEDY ticketing system

Highly Desired:

  • Continuous Control Monitoring including Baseline Security (REMEDY)
  • Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials
  • Be able to work in a fast-paced environment with occasional on-call activities
  • Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis

This position requires a Bachelor's degree in Computer Science, Information Sciences, or related IT discipline with 10 years of related experience. An IAM Level III certification is required: GSLC, CISM, CISSP, or CASP. The minimum of an active interim Secret or Secret level DoD security clearance is required.

Jacobs ISG is proud to be an EEO/AA Employer.

Essential Functions

Work Environment

Inside office/cubicle environment. Requires ability to interact professionally with co-workers and all levels of management (100%).

Physical Requirements

Requires sitting for extended periods of time at a desk (90%). Requires sitting at a computer terminal for long periods of time (90%). Depending on parking availability and the location of the work area, walking moderate to long distances may sometimes be required.

Equipment and Machines

Requires ability to operate a personal computer, a telephone, copier, and other general office equipment (100%). Ability to conduct evaluation of third and fourth generation or current state of the art computer hardware and software and its ability to support specific requirements, interfacing with other equipment and systems.

Attendance is critical. Work hours are normally 8 hours per day and 5 days per week, Monday through Friday. Being prompt is important to provide continuous and on-going service to customers. Attendance is important to maintain continuity of service. Work outside of normal duty hours may be required with as little as one hour advance notice. Overtime is infrequent, but important when required (1%).

Other Essential Functions

Must be able to communicate effectively, both verbally and in writing. Must be able to interface with individuals at all levels of the organization. Must be able to obtain and retain a security clearance. Must be a U.S. citizen. Must be able to obtain unescorted access to work areas. Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others.