Cyber Security Operations Specialist I - CSOC Tier I – St. Louis, MO (NCW)
Position ID: RISA20220808-OP073
FLSA Classification: Exempt
Location: St. Louis, MO, 63118
Anticipated Start Date: Immediate Job Opening
Required Security Clearance: Must already possess and be able to maintain an active DoD TS/SCI security clearance.
Must already have or have held SCI within the last 2 years.
Must have the ability to obtain and maintain a CI polygraph within 6 months of start date.
COVID Policy: As directed by Executive Order 14042, all current and newly hired employees are required to be fully vaccinated for COVID-19 and provide proof of vaccination, except where they are legally entitled to an exemption/accommodation.
The Cyber Security Operations Specialist will provide CSOC Tier 1 services, which is 24x7x365 coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for events and incidents. CSOC Tier 1 services include recording, investigating, and processing events received via walk-ups, phone calls, email, chat, web, cybersecurity tools, and enterprise tools.
· Utilize the SIEM to perform 24/7 monitoring, detection, and initial triage (identify, investigate, categorize, prioritize, ticketing, and forwarding) of events/alerts/incidents. The SIEM processes approximately 100,000 Correlated Events Per Second;
· Create tickets in the agency directed ticketing system for all alerts/incidents;
· Obtain and aggregate all artifacts, data, screen shots, and other products from assets within Network Security Services, Endpoint Security Services, Cybersecurity Data Analysis Services, and other NGA assets as needed to complete the ticket for higher tier analysis;
· Submit tuning requests as needed to Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services;
· Interact with and generate tickets on behalf of CSOC customers through multiple means of communication, to include but not limited to walk-ins, phones, web, email, and text-based chat systems;
· Document the steps used to analyze and triage an event/alert/incident with sufficient detail to enable the government and other contract services to systematically reconstruct after tier 1 analysis;
· Monitor the CSOC virus submit mailbox and perform initial assessment of emails to determine if they are SPAM, phishing emails, or malware;
· Provide custom metrics to support regular and ad hoc reporting requirements (e.g., incident category types, tools used, number of indicators, time opened at each step, trending statistics, service availability, system utilization, etc.);
· Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report.
· Must have DoDD 8140.01 and DoD 8570.01-M IAT Level II certification. (Note: A minimum of CompTIA Security+ CE is required as a pre-hire requirement.)
· CSSP Analyst certification (Within 6 months of date of hire)
(Note: see below for which certifications qualify – You only require one of the certifications listed under CSSP Analyst, in addition to CompTIA Security+ CE.)
o If applicant does not already have one of the following certifications, applicant will be allowed six months from job start date to obtain the certification.
· CCNA Cyber Ops
Bachelor’s Degree and two (2) years of job related experience in a Cyber Security Operations Center (CSOC) environment.
Additional experience may be considered in lieu of a degree.
· 2 years of related technical experience in a Cyber Security Operations Center (CSOC) environment
Professional Office Environment; must be able to sit at a desktop or laptop computer for extended periods of time.
· While performing the duties of this job, the employee is regularly required to sit, stand, talk, hear and use hands and fingers to operate a computer and telephone.
· Must be able to communicate regularly via telephone and verbally present information to employees, customers and outside vendors.
Work Schedule/Expected Hours of Work:
· Requires ability to work weekends and evening hours as needed
· 40 hours per week (various shifts available and will be discussed during the interview process - you will be assigned one shift and shifts are not rotated)
· The start and end times may actually vary a little from what is listed here.
Day - Shift 0600-1400
Mid - Shift 1400-2200
Eve - Shift 2200-0600
· This job description is not designed to cover or contain a comprehensive listing of activities, duties and responsibilities that are required of the employee.
· Other duties, responsibilities and activities may change or be assigned at any time with or without notice.
Travel Estimated: No travel is expected.
Limited to per diem allowed in accordance with the Joint Travel Regulations/Federal Travel Regulations (JTR/FTR) for pre-approved travel if required.
United States Citizenship is required.
RISA is an emerging technologies service provider focused on the continuity of network operations and elimination of risk to ensure the confidentiality, integrity, and availability of critical business processes and data. RISA seeks professionals who are excited by technical challenges and driven by the opportunity to use their knowledge, skills, and abilities in helping our customers meet mission requirements. Our success comes from the talent and commitment of our dedicated employees, who are driven to provide valuable services to our customers. Come along for the journey and perhaps you can be part of our growth and success. RISA offers a comprehensive benefits package that includes:
RISA is an Equal Opportunity Employer