|Published||June 8, 2022|
|Location||St. Louis, MO|
Want to work with highly motivated individuals that come together to form high performance team? Come join WWT today! We are looking for a Cyber Security Operations Specialist to join our Government Services team within Public Sector to support our client onsite in St. Louis, MO or Springfield, VA .
Why should you join the Government Services team?
Our Government Services team provides cleared resources with a global reach to federal civilian, Department of Defense (DoD) and intelligence community markets. We excel at delivering innovative, operationally ready and cost-effective IT solutions that accelerate the interoperability and resiliency of mission critical systems.
Want to learn more about Government Services? Check us out on our platform:
- Provide cyber threat intelligence services for the collection, fusion, analysis, creation, and distribution of threat intelligence from government entities, commercial feeds, open sources, and other partners to obtain situational awareness of the threat environment.
- Provide cyber threat intelligence services on an expanded 12x5 service support level during core hours and on-call support with two-hour response time during non-core hours.
- Cyber threat intelligence services shall develop and disseminate reports and tippers to internal and external stakeholders based on events, alerts, and incidents on customer systems and networks.
- Implements and monitors security measures for communication systems, networks, and provide advice that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
- Receive tickets from other Cybersecurity Operations Services sub-services and conduct detailed analysis to validate any event/alert/incident
- Categorize, prioritize, investigate, and assess cybersecurity events/alerts/incidents to identify the extent and scope of the event/alert/incident and what impact there is on the operation or systems
- Update and forward tickets to other Cybersecurity Operations Services to customer as needed
- Collect, aggregate, and analyze artifacts and evidence from all available tools, knowledge sources, and data artifacts to determine and document the who, what, when, where, why and how of an intrusion, its extent, how to limit damage, and how to recover
- Submit custom signatures and tuning requests as needed to Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services
- Assists the C-IRT by assessing ongoing incident activity to predict adversary responses and locations of compromise
- Documents tickets and analysis to a level of detail sufficient to reconstruct the analyst's analysis, to include but not limited to the steps taken, timelines, and data required to justify the analyst's assessment
- Provide custom metrics reports including incident category types, tools used, number of indicators, time opened at each step, trending statistics, service availability, system utilization, etc.
- Provide input to the daily CSOC Significant Activity, Operations, and the weekly CSOC Status Report
- Advanced Cybersecurity Analytics, coordinate with Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services to develop or tune rules/signatures/scripts