Hybrid - Onsite 1 day per week (Tuesdays)
XOR Security an Agile Defense Company is seeking a SOC Analyst to support IT Security Staff (ITSS) with the Security Operations Center's Incident Response (IR) capabilities. The ITSS within OCIO manages the enterprise IT security program for the Institution. ITSS works closely with IT staff and other personnel from throughout the Institution on IT security initiatives and processes. ITSS consists of the Security Operations Center (SOC), Systems Risk Management (SRM), PCI Compliance, and Security Architecture & Engineering. The SOC Analyst will be responsible for working as part of an integrated security team composed of federal employees and contractors from multiple companies. The SOC analyst will also support the day-to-day IR activities and will be responsible for the daily review of security events.
Hours: 12pm - 8pm, Monday - Friday.
Duties:
- Investigating security events using various OCIO and industry tools to identify potential incidents, and performing actions to contain incidents in progress.
- Monitoring and analyzing logs and alerts from a variety of different systems and tools across multiple platforms in order to respond to and report suspected or actual security breaches.
- Developing procedures for use, interpretation, and response to the monitoring and alert information collected.
- Monitoring security systems and events to detect and investigate threats, identifying and analyzing traffic trends, assessing the impact of security alerts and traffic anomalies on the Smithsonian network in order to make appropriate recommendations.
- Daily and hourly monitoring of the SOC’s incident reporting email box.
- Supporting IR team activities in response to security incidents. Activities include but are not limited to ensuring completion of the incident from detection through closure, leading IR meetings and analysis with other SI units, providing situational awareness information to SI units, correlating multiple alerts and incidents to determine widespread attacks, and providing incident status reports to SI management and other stakeholders.
- Maintaining and updating the incident management tool to reflect the SOC’s IR procedures.
- Performing in-depth analysis and forensics, analyzing incident data, recommending solutions, coordinating response activities, and preparing reports for management.
- Supporting the IR team during incidents to mitigate the incident and improve the security posture to reduce the likelihood of an incident recurring.
- Reporting incidents to appropriate external entities and coordinating with OIG investigators, US-CERT, and law enforcement as appropriate based on SI policies.
- Creating and maintaining applicable IR plans and procedures.
- Developing IR training and exercise materials.
- Coordinating and conducting periodic IR training sessions and exercises.
- Creating and reporting metrics on the effectiveness of the IR procedures.
- Advising system owners and administrators on improving techniques for detecting and logging potential incidents.
- Collecting, preserving, and interpreting electronic evidence related to incident investigations.
- Supporting information gathering and preparing responses to various data calls and assessments conducted by various external organizations, including but not limited to the Office of Management and Budget (OMB), Department of Homeland Security (DHS), and U.S. Government Accountability Office (U.S. GAO).
- Coordinating with internal Smithsonian organizations.
Required qualifications:
- 1+ year of experience
- Bachelor's degree
- Experienced with using Splunk Enterprise Security to review security events and perform searches. Familiar with Splunk risk-based analysis features.
- Previously supported a security operations center and supported IT security incident response activities.
- Proven analytical skills to assess and respond to various IT security incidents.
- Broad technical background with a strong understanding of network architectures and communications, operating systems (e.g. Microsoft and Linux), web platforms, and databases in order to respond to incidents and determine incident root causes.
- Experienced with log and event correlation tools, specifically Splunk Enterprise and Enterprise Security, and able to perform queries and reviews of alert information to determine possible security incidents. Experienced with creating and managing Splunk dashboards for event monitoring.
- Familiar with NIST and DHS US-CERT incident response requirements and guidelines.
- Ability to work independently and with other teams.
- Good writing, interpersonal and communication skills using standard office automation tools, e.g. Microsoft Office.
Closing Statement:
XOR Security an Agile Defense Company offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security an Agile Defense Company is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement:
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.