View all jobs

Incident Response Handler - Analyst - 3rd shift - ONSITE-REMOTE

Washington, DC · Information Technology
Visual Soft, Inc is seeking qualified  candidates to work on our efforts with a Prime for their end customer, a federal agency.
Position:: Incident Response Handler /Analyst - ONSITE/REMOTE  (US Citizenship is a MUST) - 50% ONSITE and 50% REMOTE from home
Location: US Courts (Washington, DC, next to Union Station metro)
Salary:  based on qualifications, experience and certifications
Shift 3: 11:30 PM to 7:30 AM (Mon - Fri)
Seeking an inquisitive and problem-solving Cybersecurity Incident Handler with 3 years security operations center (SOC) experience to support a federal agency enterprise SOC. 
The Cyber Security Incident Handler will support our customers in responding and notification from detection, response, mitigation, and reporting of cyber threats affecting 
everything on the client’s networks. The location is on-site in the Washington DC Metro area. This is a straight shift hours Monday to Friday, with one On-call rotation for the SOC or 
weekend rotations monthly.
  • Respond to cyber incidents, including responding to SOC IR phone calls and SOC emails from the client and customer POCs.
  • Provide support in the detection, responses, mitigation, and reporting of cyber threats affecting internal and external clients’ networks. 
  • Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in the cyber security operation center. 
  • Develop documentation, reports, briefs, and review SOPs with customer to give an accurate depiction of the current threat landscape and associated risk that is affecting the clients’ networks. 
  • Provide analysis for correlated information sources to the client which is notified by the Cyber SOC Team Lead or the Government Watch Officer. 
  • Act as a Subject Matter Expert in investigations for potential incidents at the SOC Tier 1 Level.
  • Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions. 
  • Work with SOC federal staff, Shift Lead, Senior Analyst to analyze, triage, contain, and remediate security incidents.
  • Follow Federal IRP, SOC SOPs and other prudent documentation procedures to work and be effective while having an eye towards process improvement/effectivity.
  • Knowledgeable on multiple technology and system types.
  • Experience with multiple types of attack types and attack vectors.
  • Experience involving a range of security technologies that product logging data; to include wide area networks host and network IPS/IDS/HIPS traffic event review, server web log analysis, raw data logs and the ability to communicate clearly both orally and in writing. 
  • Experience utilizing Splunk SIEM 2 plus years, writing and creating Splunk Search Processing Language (SPL), creating, and running queries, and performing analytics examination of logs and console events, as well as creating advance queries methods in Splunk or advance Grep Skills, firewall ACL Review, examining Snort based IDS events, PCAPS, and web server log review. 
  • Experience tracking incidents against a framework such as MITRE ATT&CK or Cyber Kill Chain methodology.
  • Forensic investigation of emails for phishing campaigns, spam emails and malware analysis experience/exposure.
  • Experience with multiple vendor technologies, such as Azure Sentinel, Microsoft 365 Security Center, FireEye (Trellix) suite of products, Domain Tools, Industry name Firewall/IPS, and OSINT tools. 
  • Experience using Helpdesk ticket capturing tools such as HEAT & ServiceNow. 
**No travel or parking reimbursement for working on site***
Education Requirement:  Bachelor’s degree, preferred but NOT required
Clearance requirement:  U.S. Citizenship is required.

Standard Benefits:
Our standard benefits include: Our standard benefits include 3 weeks of Paid time off (PTO that includes sick leave). Any unused PTO will be issued as a check at the end of an employee's anniversary with us. we also provide 2 floating and 8 public holidays. Floating and holidays expire at the end of every year of service of an employee. In addition, company will cover 50% of health and dental insurances only for all full time employees, however, dependents can be added at extra cost. Employee's health and dental coverage becomes effective after 30 days or first of the month after an employee completes initial 30 working days, we cover 50% for the employee's health and dental insurances.  Dependents coverage for health and dental insurances is available as an out of pocket expense for employees. An employee has to finish all of your paper work for health and dental in the first 30 days of your employment with us. We provide STD, LTD and one time salary equivalent of life insurance at NO cost to all full time employees. All full time employees or w-2 employees with no benefits will be eligible to participate in company's 401k program after 90 days of employment with a company match of 4%, immediate vesting.  In addition,  all w-2 employees are eligible to be part of company's profit sharing, no employee contributions required.
Powered by