Cybersecurity Operations Specialist (Active Clearance Required) with Security Clearance

at World Wide Technology
Published February 9, 2024
Location Arlington, VA
Category Default  
Job Type Full-time  


Why WWT? At World Wide Technology, we work together to make a new world happen.Our important work benefits our clients and partners as much as it does our people and communities across the globe. WWT is dedicated to achieving its mission of creating a profitable growth company that is also a Great Place to Work for All. We achieve this through our world-class culture, generous benefits and by delivering cutting-edge technology solutions for our clients. WWT was founded in 1990 in St. Louis, Missouri. We employmore than10,000 peoplegloballyand closed nearly $20 billion in revenue in 2023. We have an inclusive culture and believe our core values are the key to company and employee success. WWT is proudto have been included onthe FORTUNE "100 Best Places to Work For" list 12 years in a row! Want to work with highly motivated individuals on high-performance teams? Join WWT today! We are looking for aCyber Security Operations Specialistto join our Government Services team within Public Sector to support our clientfully on-site in St. Louis, MO or Springfield, VA. Why should you join the Government Services team? Our Government Services team provides cleared resources with a global reach to federal civilian, Department of Defense (DoD) and intelligence community markets. We excel at delivering innovative, operationally ready and cost-effective IT solutions that accelerate the interoperability and resiliency of mission critical systems. Want to learn more about Government Services? Check us out on our platform: What will you be doing? We are seeking mission-focused individuals to provide various levels of Cybersecurity services to our customer from either Springfield, VA (or) St. Louis, MO. Our team of Cyber Security Operations Specialists provide Tiered Services our customer, which is 24x7x365 coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents. Location(s):St. Louis, MO or Springfield, VA Clearanceneeded to start:Active secret needed to start, but must be willing to obtain a TS/SCI. Responsibilities:
* Provide cyber threat intelligence services for the collection, fusion, analysis, creation, and distribution of threat intelligence from government entities, commercial feeds, open sources, and other partners to obtain situational awareness of the threat environment.
* Provide cyber threat intelligence services on an expanded 12x5 service support level during core hours and on-call support with two-hour response time during non-core hours.
* Cyber threat intelligence services shall develop and disseminate reports and tippers to internal and external stakeholders based on events, alerts, and incidents on customer systems and networks.
* Implements and monitors security measures for communication systems, networks, and provide advice that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
* Receive tickets from other Cybersecurity Operations Services sub-services and conduct detailed analysis to validate any event/alert/incident
* Categorize, prioritize, investigate, and assess cybersecurity events/alerts/incidents to identify the extent and scope of the event/alert/incident and what impact there is on the operation or systems
* Update and forward tickets to other Cybersecurity Operations Services to customer as needed
* Collect, aggregate, and analyze artifacts and evidence from all available tools, knowledge sources, and data artifacts to determine and document the who, what, when, where, why and how of an intrusion, its extent, how to limit damage, and how to recover
* Submit custom signatures and tuning requests as needed to Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services
* Assists the C-IRT by assessing ongoing incident activity to predict adversary responses and locations of compromise
* Documents tickets and analysis to a level of detail sufficient to reconstruct the analyst's analysis, to include but not limited to the steps taken, timelines, and data required to justify the analyst's assessment
* Provide custom metrics reports including incident category types, tools used, number of indicators, time opened at each step, trending statistics, service availability, system utilization, etc.
* Provide input to the daily CSOC Significant Activity, Operations, and the weekly CSOC Status Report
* Advanced Cybersecurity Analytics, coordinate with Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services to develop or tune rules/signatures/scripts
* Utilize the SIEM to perform 24/7 monitoring, detection, and initial triage (identify, investigate, categorize, prioritize, ticketing, and forwarding) of events/alerts/incidents.
* Cyber Incident Quality Control Services - Conduct Quality Control reviews of a percentage closed Tier II tickets each week to ensure proper analysis, categorization, documentation, and notification
* Cyber Threat Intelligence Services - Conduct emerging threat and intelligence fusion analysis
* Cyber Threat Emulation Services; Develop, test, and when properly authorized, execute custom scripts, programs, and/or other capabilities to emulate cyber threats to include Cyber Data Presentation Services
* Cyber Hunt Services/Planned Hunt Services; update, and document tickets in the authorized ticketing system to initiate the incident response. Qualifications:
* Active secret needed to start, but must be willing to obtain a TS/SCI.
* Bachelor's Degree in a Technical field (i.e. Information Technology, Information Systems, Computer Science)
* 1-6 years' experience working in Cyber Security related role such as * Operating Host Based Security System (HBSS), firewalls, Intrusion Prevention Systems, Intrusion Detection Systems, other point of presence security tools, Virtual Private Networks, and related security operations.
* Experience with Cyber Incident Response Team (C-IRT) Services
* Must have an active DoD 8570 IAT Level II certification, and be able to obtain/maintain a CSSP Analyst certification within 6 months of start date.These Qualifications Would be Nice to Have:
* IAT Level III
* CSSP Analyst certification
* CSSP Incident Responder certificationDiversity, Equity, and Inclusion is more than a commitment at WWT -- it is the foundation of what we do. Through diverse networks and pipelines, we have a clear vision: to create a Great Place to Work for All. We believe inclusion includes U. Be who U are at WWT! The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
* Health and Wellbeing: Heath, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program * Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement * Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Military Leave, Bereavement * Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount ProgramEqual Opportunity Employer Minorities/Women/Veterans/Individuals with Disabilities