Affiliated Computer Services, Inc. (ACS) is expertise in action™. We are a FORTUNE 500 company with 74,000 employees worldwide supporting client operations reaching more than 100 countries. We provide business process outsourcing and information technology solutions to world-class commercial and government clients. Our employees operate with integrity, and are flexible, reliable and responsive.
We are looking for a Security Operations Center Analyst who has 3+ years of experience supporting first-level IDS monitoring, analysis, and incident response for information security alert events.
Other Requirements:
Candidate must have strong written and oral communication skills.
Candidate must be a team player with demonstrated initiative to work without constant guidance.
Candidate must have an intermediate understanding of host/network common vulnerabilities and exploits (CVEs), hacker methodologies and tactics, and the tools used.
Ideal candidate will have an intermediate understanding of, and experience in the use of, tools such as Trace Route, Visual Route, Ethereal, and Nessus; know how to perform packet captures and TCPDumps; and understand the use and function of other commonly used security tools.
Candidate must have an intermediate understanding of the TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services.
Candidate must have an understanding of routing protocols, switching, etc.
Candidate must have experience with host platform vulnerability assessment and hardening standards and methodologies.
Candidate must have an intermediate knowledge of common routing and switching CLI commands.
Candidate must have an understanding of common OS and domain structures (WindowsNT, 2000 Active Directory, etc.), servers, services, and associated vulnerabilities.
Desired Skills/Abilities:
Previous employment in a SOC, CSIRT, or on a Security Response Team employed in the capacity as a Level I/II Analyst is preferable.
Candidate should have experience with event monitoring and analysis of events presented on a Security Information Management/Event Management System (SIM/SEM) – preferably RSA enVision.
Candidate should have an intermediate understanding of and experience with the monitoring and analysis of firewall logs, router logs, syslogs, and network/host-based Intrusion Detection/Prevention Systems (IDS/IPS); SNORT is preferred.
Candidate should have experience with the tuning of IDS/IPS, firewall ACLs and rule sets.
Candidate should have experience with VLANs, SPANs and RSPANs on network devices.
Candidate should have experience with Linux, Red Hat, etc. hosts, operating systems, and applications.
It is preferable that the candidate have previous IT Security/Information training through such sources as SANS, etc.
Preference for certification: MSCE, RSA enVision training, CCNA and SSIM training, etc.
Education Requirements
Bachelor’s degree in a related field, or equivalent work experience.
Years of Experience Required
· Minimum of 5-10 years of related technical support experience
· 5+ years of experience with TCP/IP based technologies and protocols
Experience with regulatory compliance laws and business drivers including SOX, HIPAA, GLBA, PCI, and others.
ACS is an Equal Opportunity Employer and does not discriminate against any applicant on the basis of race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance. People with disabilities who need a reasonable accommodation to apply or compete for employment with ACS may request such accommodations by calling or by sending an e-mail to accommodations@acs-.