Lead Security Operations Center Analyst

Position Description

CGI Federal is seeking qualified applicants for a Lead Security Operations Center Analyst position that will serve as part of a Security Operations Center (SOC)/Managed Security Service Provider team in Fairfax, VA. Qualified applicants will manage a team of analysts on the forefront of incident response, where they will utilize the latest in network security technology while providing Computer Network Defense and Information Assurance (IA) support to CGI Federal’s internal network as well as various commercial and federal customers.

Your future duties and responsibilities

Principal Duties and Responsibilities:

The responsibilities of the Lead SOC Analyst include, but are not limited to:
• Monitor and analyze network traffic and security event data.
• Investigate intrusion attempts and perform in-depth analysis of exploits.
• Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
• Conduct proactive threat and compromise research and analysis.
• Review security events that are populated in a Security Information and Event Management (SIEM) system.
• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
• Conduct digital forensics and malware analysis triage analysis.
• Independently follow procedures to contain, analyze, and eradicate malicious activity.
• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
• Create a final incident report detailing the events of the incident.
• Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
• Provide guidance and mentorship to analyst team on investigative and response methodologies.

Required qualifications to be successful in this role

Required:

Candidates should possess the following:
10+ years of experience
• Minimum four years of experience in NID monitoring and incident response.
• Familiarity with network security methodologies, tactics, techniques and procedures.
• Experience with IPS/IDS, SIEMs and other CND security tools.
• Ability to read and write Snort IDS signatures.
• Experience reviewing and analyzing network packet captures.
• Experience performing security/vulnerability reviews of network environments.
• Possess a comprehensive understanding of the TCP/IP protocol, security architecture, and remote access security techniques/products.
• Experience with enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
• Have experience monitoring, detecting, and leading response efforts of advanced persistent threats.
• Knowledge of digital forensic and static malware analysis techniques.
• Experience generating and modifying network and host-based indicators of compromise in .IOC format.
• Working knowledge of network architecture.
• Strong research background, utilizing an analytical approach.
• Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
• Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and interact with customers.
• Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a team setting.
• Ability and willingness to work shifts ranging within 7:00 AM EST – 11:00 PM EST.

Additional Requirements:
• At least four years of experience with security operations, computer network defense or intelligence analysis.

Desired:
• Industry recognized professional certification such as CISSP, GCIH, GCIA, Security+
• Past experience with or current understanding of government intelligence processes and systems.
• Direct experience with Malware and Fusion analysis techniques and methodologies.
• Scripting skills (e.g., PERL, Python, shell scripting)

Due to the nature of the government contract, US Citizenship and the ability to hold a Top Secret security clearance are needed.

At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company – one that has grown to 65,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients – and for our members. Come grow with us. Learn more at www.cgi.com.

This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.

We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted.

No unsolicited agency referrals please.

All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary depending upon specific assignment, or upon any US government security clearance if required.

Qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, veteran status, pregnancy, or other status protected by law. CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.

Skills

Reference 478262

At CGI, we are a team of builders. We call our employees members because all who join CGI are building their own company – one that has grown to 68,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients – and for our members. Come grow with us. Learn more at www.cgi.com.
Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, protected veteran status or disability.