Lead NSOC Analyst

Company: TIAG

Location: Arlington, VA 22204

Description:

TIAG is now hiring a Lead Network Security Operations Center (NSOC) Analyst to join our team in support of the Office of Naval Research (ONR) in Arlington, VA. Candidates must possess an active Secret Clearance and meet DoD IAWF IAT Level II qualifications to be considered. This is a full-time, onsite position.

The Lead NSOC Analyst will assist the ONR in maturing the Network Security Operations Center (NSOC). The Analyst will directly support the NSOC Team working in collaboration with the Information Assurance (IA)/Cybersecurity/Computer Network Defense (CND) Team to perform security information and event management (SIEM) tasks and other network operations support tasks.

Responsibilities:
  • Analyzes information security requirements, translates requirements into security designs, implements security designs, and tests effectiveness.
  • Provides Threat Reconnaissance for the Information Systems Security Manager (ISSM) and Operations team using all available tools and information.
  • Possesses and employs working knowledge of standard information security products including Security Information Event Management Tools, Access Control Lists, intrusion detection systems (IDS), Endpoint Security, vulnerability testing and security analysis tools.
  • Demonstrates competence in all phases of security requirements analysis and information security system design as well as available products and management practices.
  • Understands U.S. Government security policy including DoD and appropriate civil agencies such as NIST, as well as commercial best practices.
  • Conducts system integration of Uses the Trellix product suite to evaluate and act on events.
  • Operates, understands, and provides Cyber Analyst reports from the Trellix ESM/SIEM tool, Trellix ePO/HBSS tool, Splunk, MDE, SolarWinds and understands Cyber Security Products such as Tenable/ACAS - Nessus scanner.
  • Assists in the development and tuning of automated response playbooks using Security Orchestration, Automation, and Response (SOAR) platforms and coordinates with solution providers and vendors as needed.
  • Investigates and initiates Incident Response and Incident Handling procedures for SIEM events; maintains and continuously improves the NSOC Incident Response Plan.
  • Generates, monitors, and tracks incidents generated by the SIEM suite through resolution.
  • Ingests and correlates threat intelligence feeds (e.g., Indicators of Compromise (IOCs), MITRE ATT&CK, Information Sharing and Analysis Centers (ISACs)) with SIEM data to proactively identify and respond to evolving threats.
  • Assists IA by validating enclave and subsystems and providing proper logging, log retention, and accurate audit trails per NIST requirements.
  • Provides a continual assessment of network device configuration and compliance, ensuring rogue devices are located and removed from the system as soon as possible.
  • Reviews and provides guidance on the proper implementation of DISA Security Technical Implementation Guide (STIG) requirements to Operations team.
  • Serves as Cyber Security technical liaison between Government leads, Network Security Operations, Operations team, and IA team concerning implementation of
  • Develops and presents security metrics, trend analysis, and executive briefings to senior leadership regarding ONR's threat posture and NSOC performance.
  • Reviews, implements, and continuously enhances technical security measures and controls based on evolving risk and operational needs.
  • Develops, reviews, and updates NSOC operational policies and incident response processes to align with ONR mission requirements and evolving cybersecurity standards.
  • Leads and mentors junior NSOC analysts to ensure knowledge transfer, standard operating procedure adherence, and ongoing team development.

Required Qualifications:
  • Bachelor's degree
  • 5+ years of experience related to Cyber Analysis and Security
  • Experience and familiarity with Trellix Suite and/or SIEM tools/technology, ServiceNow ticketing system, Splunk, Azure Boards and ITSM Framework
  • Experience with Endpoint Detection and Response (EDR) tools such as Microsoft Defender for Endpoint (MDE)
  • IAT Level II certification (Security+ CE or equivalent) AND Operating System (OS)/Computing Environment (CE) certification
  • Active Secret Clearance or interim Secret Clearance


TIAG is an equal opportunity and affirmative action employer that does not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. TIAG's policy applies to all terms and conditions of employment. To achieve our goal of equal opportunity, TIAG maintains an affirmative action plan through which it makes good faith efforts to recruit, hire, and advance in employment qualified minorities, women, individuals with disabilities, and protected veterans.

Pay Range: $130,000 - $145,000 per year
