Description
Host-based Systems Analyst /Senior SOC Analyst
Location: Arlington, VA
Must have an active Secret Security Clearance
Node provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based and network-based cybersecurity analysis capabilities. Contract personnel provide front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity. Node is seeking a Senior SOC Analyst to support this critical customer mission.
Responsibilities:
- Assisting Federal team leads with establishing and operating a Security Operations Center responsible for securing a highly dynamic environment supporting Incident Response and Threat Hunting experts
- Configuring and monitoring the Security Information and Event Management (SIEM) platform for security alerts
- Scanning and monitoring system vulnerabilities on servers and infrastructure devices using a Threat and Vulnerability security solution; coordinating artifact collection operations
- Assessing network topology and device configurations, identifying critical security concerns and providing security best practice recommendations
- Collecting network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and using discovered data to enable mitigation of potential Computer Network Defense incidents
- Collecting network device integrity data and analyzing it for signs of tampering or compromise
- Analyzing identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, and effects on systems and information
- Characterizing and analyzing artifacts to identify anomalous activity and potential threats to resources
- Assisting with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions
- Researching and testing new security tools/products and making recommendations for tools to be implemented in the SOC environment
- Planning, coordinating, and directing the inventory, examination, and comprehensive technical analysis of computer-related evidence
- Distilling analytic findings into executive summaries and in-depth technical reports
- Performing event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Requirements
Required Skills:
- U.S. Citizenship
- Must have an active Secret clearance, TS/SCI preferred
- Must be able to obtain DHS Suitability
- Must demonstrate being a self-starter and give examples of leadership in customer-facing roles
- 8+ years of directly relevant experience in security operations using leading-edge technologies and industry-standard tools
- Experience with the analysis and characterization of cyber attacks
- Skilled in identifying different classes of attacks and attack stages
- Knowledge of system and application security threats and vulnerabilities
- In-depth knowledge of CND policies, procedures, and regulations
- In-depth knowledge and experience of network topologies (DMZs, WANs, etc.) and use of Palo Alto products
- In-depth knowledge and experience of Wi-Fi networking
- In-depth knowledge of TCP/IP protocols such as ICMP, HTTP/S, DNS, SSH, SMTP, and SMB
- Experience using Elastic SIEM
- Experience with vulnerability assessment and monitoring tools such as Security Center, Nessus, and Endgame
- Experience with reconstructing a malicious attack or activity based on network traffic
- Experience incorporating Threat Intelligence
- Experience with CrowdStrike, GreyNoise, and Shodan
- Understanding of MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
- Must be able to work collaboratively across physical locations
Desired Skills:
- Proficiency in Elastic SIEM engineering
- Proficiency with Snort
- Proficiency with other EDR tools (CrowdStrike, Carbon Black, etc.)
- Proficiency with network analysis software (e.g., Wireshark)
- Proficiency with carving and extracting information from PCAP data
- Proficiency with non-traditional network traffic (e.g., Command and Control)
- Proficiency with preserving evidence integrity according to standard operating procedures or national standards
- Proficiency with designing cyber security systems and environments in a Linux environment
- Proficiency with virtualized environments
- Proficiency in conducting all-source research
Required Education:
BS in Computer Science, Cybersecurity, Computer Engineering, or a related degree; or HS Diploma and 10+ years of host or digital forensics and network forensics experience
Desired Certifications:
- GSOM, GSOC, GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA
Company Overview:
Node.Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact. Our Core Values help us in our mission. They include:

OUR CORE VALUES
- Identifying the RIGHT PEOPLE and developing them to their full capabilities
- Our customer's "Mission" is our "Mission". Our MISSION FIRST approach is designed to keep our customers fully engaged while becoming their trusted partner
- We believe in SIMPLIFYING complex problems with a relentless focus on agile delivery excellence
- Our mantra is "Simple*Secure*Speed" in the delivery of innovative services and solutions
Benefits
We are proud to offer competitive compensation and benefits packages to include:
- Medical
- Dental
- Vision
- Basic Life
- Long-Term Disability
- Health Saving Account
- 401K
- Three weeks of PTO
- 10 Paid Holidays
- Pre-Approved Online Training