For the DIA Directorate of Science and Technology (DS&T), the Advanced Technology Integration Program (ATIP) provides IT managed services for Special Access Program (SAP) systems supporting activities to enable DIA's sensitive technical collection.
AT&T has an opening for a SOC-Cyber Analyst to support the ATIP systems in providing managed IT support of SAP-IT systems for high-priority defense intelligence collection needs and develop and field advanced technical collection capabilities and systems that leverage emerging methods, phenomenologies, and technologies.
- Responsible for security event monitoring, management, and response utilizing SEIM toolsets
- Develop and improve monitoring strategies and analyze threats, using state-of-the-art tools like HBSS, Splunk, ESM, NSM, Netflows, IDS, StealthWatch, and Forescout.
- Perform a deep-dive incident analysis by correlating data from various sources and determine if a critical system or data set has been impacted, advise on remediation, and provide support for new analytic methods for detecting threats.
- Conduct incident handling functions of containment, eradication and recovering, close out reports and lessons learned, escalate to a specialized analyst or SOC Manager for malware analysis, or adversity hunt mission.
- Review alerts to determine relevancy and urgency and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems.
- Create trouble tickets for alerts that signal an incident and require further Malware Analysis and Hunt Team Response.
- Collaborate with other teams to assess risk and develop improvement strategies for security posture.
- Monitor open source channels, including vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, and Security Focus to maintain a current knowledge of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
- Collect intrusion artifacts, including source code, malware, and Trojans and use discovered data to enable mitigation, write and publish CND guidance and reports, including engagement reports on incident findings to appropriate constituencies.
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
TS/SCI with Polygraph (#polygraph)
- A Bachelor’s Degree from an accredited institute in an area applicable to this position and 4+ (four or more) years of relevant experience; or 2+ years of relevant experience and a Masters degree; or 8+ years of relevant experience and no degree.
- Must be 8570 compliant (IAT Level 2) by date of security indoctrination with any necessary continuing education (CE) for certification. E.g. Security+ CE, CCNA Security, CySA+, GICSP, GSEC, SSCP, CASP CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH .
- This website describes what this means: https://resources.infosecinstitute.com/dod-8570-iat-certification-requirements/#gref
- Strong experience in monitoring network traffic, Cyber Analyses, investigating computer and information security incidents and Incident Handling.
- Skills commensurate with the duties and responsibilities.
- Good communication and people skills.
- Experience with Splunk, HBSS, ESM, NSM, Netflows, IDS, StealthWatch, Forescout or other Cyber Analyses, Cyber Network Monitoring/Analyses, Incident Handling, and SIEM systems preferred.
- Cyber Analyses / Ethical Hacking / Incident Handling / Cyber Forensics related Certifications e.g. CEH, CCNA-Security, CHFI, GCFE, GCFA, GPYC, GPEN, GSEC, etc. preferred.
- Cyber Forensics experience desired.
- Cyber Policy Certifications e.g. CISSP or CASP desirable, not required.
- MCSE or MCP desirable, not required.
AT&T a good place to be
I believe in AT&T and know they are at the edge of technology. The company believes in their people and offers all kinds of training to enable us to take on new jobs and to stay at the front of technology. The software defined network which we are building is the newest technology and AT&T has been involved since early 2000s. You have a great deal of autonomy at AT&T as long as you get the job done. You have the ability to do different jobs and to be challenged at all times.
I really have little negative to say about AT&T I have worked here for 35 years on March 23rd of 2016.Current Employee - PROFESSIONAL-NETWORK DESIGN ENGINEER+
- One Star Rating
- Two Star Rating
- Three Star Rating
- Four Star Rating
This is the life – the #LifeAtATT, that is. We’re creating what’s next and having a blast doing it. You’re looking for proof? Well, see for yourself.