AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Intelligence Community. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers' mission.
For the DIA Directorate of Science and Technology (DS&T), the Advanced Technology Integration Program (ATIP) provides IT managed services for Special Access Program (SAP) systems supporting activities to enable DIA's sensitive technical collection.
AT&T has an opening for a SOC-Cyber Analyst to support the ATIP systems in providing managed IT support of SAP-IT systems for high-priority defense intelligence collection needs and develop and field advanced technical collection capabilities and systems that leverage emerging methods, phenomenologies, and technologies.
- Responsible for security event monitoring, management, and response utilizing SIEM toolsets
- Develop and improve monitoring strategies and analyze threats, using state-of-the-art tools like HBSS, Splunk, ESM, NSM, Netflows, IDS, StealthWatch, and Forescout.
- Perform a deep-dive incident analysis by correlating data from various sources and determine if a critical system or data set has been impacted, advise on remediation, and provide support for new analytic methods for detecting threats.
- Conduct incident handling functions of containment, eradication and recovery, close out reports and lessons learned, and escalate to a specialized analyst or SOC Manager for malware analysis or adversary hunt missions.
- Review alerts to determine relevancy and urgency and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems.
- Create trouble tickets for alerts that signal an incident and require further Malware Analysis and Hunt Team Response.
- Collaborate with other teams to assess risk and develop improvement strategies for security posture.
- Monitor open source channels, including vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, and Security Focus to maintain a current knowledge of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
- Collect intrusion artifacts, including source code, malware, and Trojans and use discovered data to enable mitigation, write and publish CND guidance and reports, including engagement reports on incident findings to appropriate constituencies.
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
TS/SCI with Polygraph
- A Bachelor's Degree from an accredited institute in an area applicable to this position and 4+ (four or more) years of relevant experience; or 2+ years of relevant experience and a Master's degree; or 8+ years of relevant experience and no degree.
- Must be 8570 compliant (IAT Level 2) by date of security indoctrination, with any necessary continuing education (CE) for certification, e.g. Security+ CE, CCNA Security, CySA+, GICSP, GSEC, SSCP, CASP CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH.
- This website describes what this means: https://resources.infosecinstitute.com/dod-8570-iat-certification-requirements/#gref
- Strong experience in monitoring network traffic, cyber analysis, investigating computer and information security incidents, and incident handling.
- Skills commensurate with the duties and responsibilities.
- Good communication and people skills.
- Experience with Splunk, HBSS, ESM, NSM, Netflows, IDS, StealthWatch, Forescout or other cyber analysis, cyber network monitoring/analysis, incident handling, and SIEM systems preferred.
- Cyber analysis / ethical hacking / incident handling / cyber forensics related certifications, e.g. CEH, CCNA-Security, CHFI, GCFE, GCFA, GPYC, GPEN, GSEC, etc., preferred.
- Cyber Forensics experience desired.
- Cyber policy certifications, e.g. CISSP or CASP, desirable but not required.
- MCSE or MCP desirable but not required.
AT&T will consider for employment qualified applicants in a manner consistent with the requirements of federal, state and local laws. AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V. We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.