General Job Information
Appointment Type (duration): Term Appointment
CBU Position: No
Area of Consideration: Open to Public
This position is located in the Government of the District of Columbia, Office of the Chief Technology Officer (OCTO) Headquarters, 200 I Street SE, Washington, DC, 20003. The purpose of this position is to serve as a Tier 2 technical SOC analyst responsible for providing day-to-day monitoring, detection, analysis, coordination, and remediation of cybersecurity events impacting the technology infrastructure of the Government of the District of Columbia. This position acts as an advanced escalation point for Tier 1 SOC analysts, and for verification and management of cybersecurity events. This role leads technical staff and provides in-depth cybersecurity analysis, and trending of log, event data, and alerts from diverse network devices and applications (e.g., McAfee SIEM, Check Point firewall, etc.) within the enterprise to identify and troubleshoot specific cybersecurity events and make sound technical security recommendations that enable expeditious remediation. This position supports security tool/application (e.g., McAfee SIEM) tuning engagements with analysts and engineers to develop/adjust rules and analyst response procedures and reduce false-positives from alerting.
This position utilizes advanced background and experience in cybersecurity incident response handling to scrutinize escalated events handed off from Tier 1 SOC analysts—distinguishing these events from benign activities and false positives, and escalating confirmed incidents to the incident response lead. This role works with large data sets (e.g., system logs) to correlate data analysis of systems or enterprise-wide cybersecurity events. This position will be adept at proactive search of the Internet and other sources to identify cybersecurity threat intelligence to apply to protect the Government of the District of Columbia network. This position will search, recognize, verify, and ingest indicators of compromise (IOCs) for attacker tools, tactics, and procedures into network security tools/applications (e.g., Palo Alto content filter, etc.) to protect the Government of the District of Columbia network.
This position will identify cybersecurity event management gaps and develop job aids and standard operating procedures to improve the effectiveness of the SOC's event management. This position will respond to inbound requests via phone and other electronic means for technical security assistance, resolve problems independently utilizing sound decision making, and coordinate event escalations and collaborate with internal organizational technology teams to ensure timely resolution of issues. The incumbent should have excellent analytical and problem resolution skills, to include root-cause analysis of cybersecurity events and corrective action.
The incumbent will have excellent communication, organizational, and customer service skills, strong attention to detail, and a proven ability to work effectively in fast-paced and stressful situations.
Licensures, Certifications and other requirements
This position requires successful passing of criminal, credit, and standard background and reference checks.
This position has an Essential or Emergency Employee Designation. The incumbent may be required in essential or emergency situations or when authorized by the agency head to perform critical tasks.
This position is designated as a Security Sensitive position subject to mandatory pre-employment and biennial criminal background checks, and a pre-employment consumer credit check.
Graduation from an accredited college or university with a bachelor’s degree in computer science, information technology, or related field is desired.
GCIA, GPEN, GCED, GCIH or similar industry certification desired.
Five years of hands-on operational experience as a cybersecurity analyst/engineer in a security operations center, or equivalent knowledge in areas such as: cybersecurity operations, technical incident analysis and handling, vulnerability management, log analysis, and intrusion detection.
In-depth understanding of current cybersecurity threats, attacks, and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, and malicious code activity such as ransomware, worms, trojans, viruses, etc.
In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
Excellent communication, interpersonal, organizational, oral, and customer service skills.
Strong knowledge of TCP/IP protocols, services, and networking.
Adept at proactive search of the Internet and other sources to identify cybersecurity threats and derive countermeasures not previously ingested into network security tools/applications.
Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
Ability to work effectively in stressful situations.
Strong attention to detail.
The incumbent must have at least one (1) year of specialized experience equivalent to the grade 13 level in the District of Columbia Government service.
Previous experience leading a SOC team or unit responsible for analysis and correlation of cybersecurity event data.
Skilled in understanding, recognizing, and detecting cybersecurity events and vulnerabilities in host- and network-based systems.
Experience with review of firewall, network flow, IDS, and system logs, and familiarity with host forensics.
Experience leading and managing technical cybersecurity staff on advanced projects, and ability to speak and write clearly and effectively and to deal with others in a diplomatic but persuasive manner.
Proficient in formulating technical best practice SOPs/manuals for SOC analysts.
Excellent analytical and problem resolution skills, to include root-cause analysis of cybersecurity events and corrective action.
Excellent communication, organizational, and customer service skills, and strong attention to detail.
Proven ability to work effectively in fast-paced and stressful situations.
Must have IT-related experience demonstrating each of the four competencies listed below:
1. Attention to Detail – Is thorough when performing work and conscientious about attending to detail.
2. Customer Service – Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
3. Oral Communication – Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
4. Problem Solving – Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Work will be performed within an office setting.
Our Office of Human Capital Management will review your resume and supporting documentation to ensure the minimum qualifications required for this position are met. Applicants who fail to demonstrate through their resume that they meet the specialized experience requirement will not be qualified for this position. In essence, you must first demonstrate you are proficient at the grade 13 level (see above) before you can be considered for the higher grade level 14.