Job Information
SOS International LLC Cyber Incident Handling Analyst Senior in Wiesbaden, Germany, Germany
Overview
SOS International LLC (SOSi) is seeking a Cyber Incident Handling Analyst Senior to support our customer in Weisbaden Germany. The Cyber Incident Handler will perform analytic analysis of cyber relate events to detect and deter malicious actors using SIEM technologies, which correlate multiple security tool alerts and logs.
Essential Job Duties
Manage day to day technical and personnel responsibilities of the Incident Response Operations Team
Monitor SIEM platforms for alerts, events, and rules providing insight into malicious activities and/or security posture violations
Review intrusion detection system alerts for anomalies that may pose a threat to the customers network
Identify and investigate vulnerabilities, assess exploit potential, and suggest analytics for automation in the SIEM engines
Report events through the incident handling process of creating incident tickets for deeper analysis and triage activities.
Coordinates and distributes directives, vulnerability, and threat advisories to identified consumers.
Issue triage steps to local touch labor organizations and Army units to mitigate or collect on-site data.
Perform post intrusion analysis to determine shortfalls in the incident detection methods
Develop unique queries and rules in the SIEM platforms to further detection for first line cyber defenders.
Monitor the status of the intrusion detection system for proper alert reporting and system status
Respond to the higher headquarters on incidents and daily reports
Provide daily updates to Defensive Cyber Operations staff on intrusion detection operation and trends of events causing incidents
Prepare charts and diagrams to assist in metrics analysis and problem evaluation, and submit recommendations for data mining and analytical solutions
Draft reports of vulnerabilities to increase customer situational awareness and improve the customers cyber security posture
Assist all sections of the Defensive Cyber Operations team as required in performing Analysis and other duties as assigned
Minimum Requirements
An active in scope Top Secret/SCI clearance is required
Bachelor in related discipline +7, AS +9, major certification +9 or 13+ years specialized experience
Must meet DoD 8140 DCWF 531 requirements (4-11-C32-255S (CP) or 4C-255N (CP) or 4C-255A (CP) or A-531-0045 or A-531-0022 or CySA+ or CFR or GCFA or GCIA or GDSA or GCIH or GICSP or CCE).
Must meet DoD 8140 DCWF 511 requirements(4-11-C32-255S (CP) or 4C-255N (CP) or 4C-255A (CP) or M0923W1 or A-531-0045 or A-531-0022 or A-531-4417 or WSS 012 or CySA+ or CBROPS or CFR or FITSP-O or GCIA or GDSA or GICSP or GCFA).
Must have one of the following additional certifications (Cisco CyberOps Professional, GCED, GCFA, GCFE, GCIH, GNFA, DCITA CIRC, FIWE or Offensive Security OSDA)
Must have a full, complete, and in-depth understanding of all aspects of Defensive Cyber Operations
Must have a good breadth of knowledge of common ports and protocols of system and network services
Experience in packet captures and analyzing a network packet
Experience with intrusion detection systems such as Snort, Suricata, and/or Zeek
Experience with SIEM systems such as Splunk and/or ArcSight
Must have the demonstrated ability to communicate with a variety of stakeholders in a variety of formats
Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process
Preferred Qualifications
Bachelors degree in Engineering, Computer Science, or Mathematics
Experience with writing Snort or Suricata IDS rules
Experience with writing complex Splunk SPL queries to correlate lookup tables with event logs to identify anomalies
Experience with analyzing packets using Arkime or Wireshark
Experience with Microsoft Windows event IDs
Experience with Linux audit log analysis
Familiarity with Git and VScode
Experience with one or more scripting languages such as PowerShell, Bash, Python
Work Environment
Working conditions are normal for an office environment.
Potential to work on multiple shifts in a rotation schedule covering a 24/7/365 mission
On site in Wiesbaden, Germany
Fast paced, deadline-oriented environment.
May require periods of non-traditional working hours including consecutive nights or weekends (if applicable)
SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
SOS International LLC
- SOS International LLC Jobs