What you’ll be doing...

You’ll handle day-to-day triage, investigation, and mitigation of security threats, as well as short-notice ad hoc work, and see them through to completion. You’ll provide critical value to the RSA Security Analytics management service, leveraging their extensive knowledge to provide context about security events. Providing recommendations for remediation actions and suggestions for implementing best practices, you’ll improve standard processes and procedures. And you’ll play a key role in helping us protect our business and our customers.

  • Performing active real-time security monitoring.
  • Conducting advanced security event detection and threat analysis for complex and/or escalated security events.
  • Providing log/network/malware/device analysis and making recommendations for remediation of security vulnerability conditions.
  • Developing internal and external documentation, such as detailed procedures, playbooks, and operational metrics reports.
  • Coordinating with Senior Analysts and/or Duty Manager for high priority incidents.

As a Security Analyst for the GNOSC (Government Network Operations and Security Center), your primary responsibility is to ensure federal managed security customers receive professional service and prompt response to their needs. You will support the 24x7 Floor Operations / Service Desk function for our managed security service customers – this means initiating and working incident management tickets and responding to trouble calls/emails from customers. You are often the first to see an issue, or the issue may have been escalated from another team/management. Job functions include security incident analysis (60%), change management (10-20%), and performing device and health monitoring as well as systems maintenance (10-20%). The position is full time – eight hours per day – and all candidates/employees must be willing to work all of the various shifts: 7 a.m. - 3 p.m.; 3 p.m. - 11 p.m.; and 11 p.m. - 7 a.m. Days worked will either be Sunday through Thursday or Tuesday through Saturday. This position will work all hours in the Security Operations Center located in Ashburn, Virginia.

Responsibilities:

  • Performing active real-time security monitoring through Splunk
  • Day-to-day triage, investigation, and mitigation of security threats, as well as short-notice ad hoc work, and see them through to completion
  • Analytics investigation to determine if there is a real security incident or a false positive, notifying customers as needed, and sending customers standardized emails specifying the steps they need to take to fix the problems
  • Conducting advanced security event detection and threat analysis for complex and/or escalated security events
  • Providing log/network/malware/device analysis and making recommendations for remediation of security vulnerability conditions
  • Provide critical value to the RSA Security Analytics management service, leveraging their extensive knowledge to provide context about security events
  • Providing recommendations for remediation actions and suggestions for implementing best practices to improve standard processes and procedures, and playing a key role in helping us protect our business and our customers
  • Processing change requests relating to security devices such as firewalls, intrusion detection systems and RSA SecurID servers
  • Device and health monitoring, including troubleshooting network connectivity problems concerning managed security devices, often working with Advanced Support Team engineers and/or vendors/partner technology teams on device replacement/reconfiguration
  • Preparing Shift Turnover and Shift Report to ensure smooth, continuous workflows between shifts
  • Developing internal and external documentation, such as detailed procedures, playbooks, and operational metrics reports
  • Coordinating with Senior Analysts and/or Duty Manager for high priority incidents

What we’re looking for...

You’re a critical thinker and enjoy solving complex problems by employing listening skills in a dynamic environment. Staying abreast of the latest technologies and security vulnerabilities enables you to use your knowledge in real time to solve problems.

You'll need to have:

  • Associate's degree or two or more years of work experience.
  • Three or more years of relevant work experience.
  • Experience with security incident monitoring and threat investigations.
  • Willingness to work one weekend a month.

Even better if you have:

  • Bachelor's degree.
  • SANS or other Security industry certifications such as GCIA, GCIH, GREM, or GPEN; ITIL Foundations training / certification.
  • Hands-on experience with SIEM platforms, such as Security Analytics, Splunk, or ArcSight, Firewalls, Intrusion Detection/Prevention Systems, Proxies, Web Applications, and/or Penetration Testing.
  • Strong network, TCP/IP and endpoint skills.
  • Linux and scripting experience.
  • Understanding of databases and Windows processes.
  • Strong understanding of attack vectors and how systems are compromised.
  • Capability to effectively multi-task, prioritize work, and handle competing interests.
  • Experience performing QA functions.

You'll need to have:

  • Associate's degree or two or more years of work experience investigating network security threats
  • Two or more years of relevant work experience as a security analyst investigating network security threats
  • Experience with security incident monitoring and threat investigations
  • Experience with packet capture/payload analysis, incident handling from a dashboard/ticketing system. Additional security vendor technology experience a plus
  • Experience in a Security Operations Center
  • Must have, or be able to qualify for, a government clearance at the public trust level
  • Must be able to work a variety of shifts that are: (7 a.m. - 3 p.m.), (2 p.m. - 11 p.m.) and (11 p.m. - 7 a.m.). Days worked will be Sunday - Thursday or Tuesday - Saturday


Even better if you have:

  • Bachelor's degree
  • Active security clearance at a public trust level or above
  • SANS or other Security industry certifications such as GCIA, GCIH, GREM, or GPEN; ITIL Foundations training / certification
  • Hands-on experience with SIEM platforms, such as Security Analytics, Splunk, or ArcSight, Firewalls, Intrusion Detection/Prevention Systems, Proxies, Web Applications, and/or Penetration Testing.
  • Strong network, TCP/IP and endpoint skills
  • Linux and scripting experience
  • Experience with ArcSight, Splunk, Kibana Elasticsearch, Cisco ASA, JunOS, Fortinet, Sourcefire, Checkpoint, Tripwire, Palo Alto, Bluecoat Proxy
  • Knowledge of ITIL and/or previous work in an ISO operating environment
  • Understanding of databases and Windows processes
  • Strong understanding of attack vectors and how systems are compromised
  • Capability to effectively multi-task, prioritize work, and handle competing interests
  • Experience performing QA functions

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.