The Security Analyst (Level 3) will perform responsibilities as the technical lead and incident responder for General Dynamics Land Systems’ Security Operations Center (SOC), leading technical investigations for security incidents, overseeing process improvements, and driving implementation of new capabilities. Serve as a technical escalation resource for other SOC Analysts and provide mentoring for skill development. Partner with IT Engineers to implement and improve technology and process to enhance SOC monitoring, investigation, and response.
• Use SIEM software to ensure that GDLS systems are secure from unauthorized use, viral infection, and other problems that would compromise sensitive information in terms of confidentiality, integrity, and availability, or would compromise other aspects of overall system security.
• Perform internal audits on security logging systems.
• Serve as an escalation resource and mentor for other analysts.
• Perform investigation and escalation for complex or high-severity security threats or incidents.
• Work with SIEM Engineering and other security partners to develop and refine correlation rules.
• Work on complex tasks assigned by leadership, which may involve coordinating effort among Level 1/2 analysts.
• Coordinate evidence/data gathering and documentation, and review Security Incident reports.
• Assist in defining and driving strategic initiatives.
• Create and develop SOC processes and procedures, working with Level 2 Analysts.
• Provide recommendations for improvements to GDLS’s Security Policy, Procedures, and Architecture based on operational insights.
• Define and assist in the creation of operational and executive reports.
• Define tool requirements to improve SOC capabilities.
• Provide leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow.
• Interact with the user community to understand business needs for firewall requests; approve and implement valid requests in the firewall.
• Interact with GDLS business partners to understand and maintain connectivity requirements.
• Support the email relay team in managing spam and phishing rules.
• Share threat intelligence from GDLS through the GD ISAC to the rest of the corporation.
• Review firewall logs and make recommendations to management to adjust the security posture.
• Must have networking experience and understand the TCP/IP stack.
• Must have very good written and verbal communication skills.
• Must have strong analytical skills.
• Must be detail-oriented, independent and organized.
• Must have experience with Microsoft Office products: Excel, PowerPoint, and Visio.
• Must have experience with QRadar SIEM (log parsing and analysis skill set).
• Should have experience with related firewall management systems such as NSM and Panorama.
• Should be familiar with as many of these logging methods and formats as possible: Windows, UNIX, Cisco devices, Juniper and Palo Alto firewalls, Symantec AV Suite, and various web applications.
• Must have an incident investigation and response skill set.
• Must have knowledge of the current threat landscape (threat actors, APT, cyber-crime, etc.).
• Must have knowledge of malware operation and indicators.
• Should have experience with scripting.
• Should have experience in mentoring and training junior analysts.
• Bachelor of Science degree majoring in Computer Science or Information Assurance. Other degrees will be considered with relevant experience.
• Security certifications preferred but not required (including but not limited to the following):
- SANS/GIAC Intrusion Analyst (GCIA) training / certification
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- Networking Certifications (CCNA, etc.)
- Platform Certifications (Microsoft, Linux, Solaris, etc.)
• 5-10 years minimum on-the-job experience in intrusion correlation/analytics using the QRadar SIEM tool, incident handling/response, and security operations. Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats. Advanced knowledge and expertise in using SIEM technologies for event investigation. College degree in a related field or equivalent work experience.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, or basis of disability or any other federal, state or local protected class.
General Dynamics Land Systems is committed to working with and providing accommodations to individuals with a disability. Candidates who require a reasonable accommodation due to disability for any part of the application or hiring process may contact firstname.lastname@example.org for assistance. Determinations of requests for reasonable accommodation are made on a case-by-case basis.