• SOC Analyst - Tier III

    Location US-DC-Washington.
    Posted Date 2 weeks ago(2/6/2019 8:56 AM)
    Job ID
    # Positions
    Information Technology - Network Security
  • About NFF

    Networking For Future, Inc. (NFF) is a technology firm offering Network Services and Software services to our clients. As a Certified Cisco Gold Partner, NFF provides: network assessments, integration and design; IP telephony; wireless and Information Security. Software services practice includes: Application Development; Content Management Integration and Large database/ Data warehouse integration services as well as Professionals Services. We differentiate ourselves as an organization that focuses on people, both our clients and our employees. We are committed to empowering our employees by creating an environment for growth, partnership, respect and creativity. For the second year in a row NFF was named one of Inc. magazines Fastest Growing Private Companies.

    About this Position / Responsibilities


    The SOC Analyst - Tier 3 is cybersecurity technical resource responsible for providing technical analytical oversight over a team of Tier 2 and 1 SOC Analysts to monitor, detect, analyze, remediate, and report on cybersecurity events and incidents impacting the technology infrastructure of the Government of the District of Columbia. The ideal candidate will have an advanced technical background with significant experience in an enterprise successfully leading a SOC team or unit responsible for analysis and correlation of cybersecurity event, log, and alert data. The candidate will be skilled in understanding, recognition, and root-cause detection of cybersecurity exploits, vulnerabilities, and intrusions in host and network-based systems.



    ·         Utilize advanced technical background and experience in information technology and incident response handling to scrutinize and provide corrective analysis to escalated cybersecurity events from Tier 2 analysts—distinguishing these events from benign activities and escalating confirmed incidents to the Incident Response Lead.

    ·         Provide in-depth cybersecurity analysis, and trending/correlation of large data-sets such as logs, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents and make sound technical recommendations that enable expeditious remediation.

    ·         Proactively search through log, network, and system data to find and identify undetected threats.

    ·         Support security tool/application tuning engagements, using McAfee ESM and McAfee ePO, with analysts and engineers to develop/adjust rules and analyze/develop related response procedures, and reduce false-positives from alerting.

    ·         Identify, verify, and ingest indicators of compromise and attack (IOC’s, IOA’s) (e.g., malicious IPs/URLs, etc.) into network security tools/applications to protect the Government of the District of Columbia network.

    ·         Quality-proof technical advisories and assessments prior to release from SOC.

    ·         Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.

    ·         Report common and repeat problems, observed via trend analysis, to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling.

    ·         Formulate and coordinate technical best-practice SOPs and Runbooks for SOC Analysts.

    ·         Respond to inbound requests via phone and other electronic means for technical assistance and resolve problems independently. Coordinate escalations with Incident Response Lead and collaborate with internal technology teams to ensure timely resolution of issues.



    ·         Three to five years of demonstrated operational experience as a cybersecurity analyst/engineer handling and coordinating cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as; technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management.

    ·         In-depth understanding of current cybersecurity threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.

    ·         In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques; leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.

    ·         Strong communication, interpersonal, organizational, oral, and customer service skills.

    ·         Strong knowledge of TCP/IP protocols, services, and networking.

    ·         Knowledge of forensic analysis techniques for common operating systems.

    ·         Adept at proactive search, solicitation, and detailed analysis of threat intelligence (e.g., exploits, IOCs, hacking tools, vulnerabilities, threat actor TTPs) derived from open-source resources and external entities, to identify cybersecurity threats and derive countermeasures, not previously ingested into network security tools/applications, to apply to protect the Government of the District of Columbia network.

    ·         Excellent ability to multi-task, prioritize, and manage time and tasks effectively.

    ·         Ability to work effectively in stressful situations.

    ·         Strong attention to detail.



    ·         Undergraduate or Masters’ degree in computer science, information technology, or related field.

    ·         SANS GCIA, GCED, GPEN, GCIH or similar industry certification desired.




    • 5+ years of Hands-On Operational Experience As A Cybersecurity Analyst/Engineer In A Security Operations Center
    • Prior Work With Cybersecurity Attack Countermeasures For Adversarial Activities Such As Malicious Code and DDOS (2+ years)
    • In-Depth Hands-On Experience Analyzing And Responding To Security Events And Incidents With A Security Information And Event Management System (2+ years)
    • Strong knowledge of cybersecurity attack methodology to include tactics and techniques, and associated countermeasures. (2+ years)
    • Strong Knowledge Of Tcp/Ip Protocols, Services, Networking, And Experience Identifying, Analyzing, Containing, And Eradicating Cybersecurity Threat (2+ years)
    • 6-10 yrs developing, maintaining, and recommending enhancements to IS policies/requirements
    • 6-10 yrs performing vulnerability/risk analyses of computer systems/apps
    • 6-10 yrs identifying, reporting, and resolving security violations 

    1) Undergraduate degree in computer science, information technology, or related field.
    2) SANS GCIA, GCIH, GCED, GPEN, or similar industry certification desired.

    This position requires shift work, and the capacity to be on-call after hours and in support of emergency and special event operations. This position does not require a U.S. Government security clearance. A background check to include criminal and credit check is required. On-going travel is not anticipated.


    NFF Disclosures

    NFF provides a competitive salary and benefits package including health insurance (medical, prescription, dental, and vision), life and disability insurance, PTO, paid holidays, 401 (k) match, Flexible Spending Accounts, Commuter benefits, and educational assistance. Please visit the careers page of our website ( for more details.


    We are an Equal Opportunity Employer and do not discriminate on the basis of race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation or any other classification protected by Federal, state, or local law. NFF is subject to certain governmental recordkeeping and reporting requirements for the administration of civil rights laws and regulations and affirmative action. In order to comply with these laws, we invite you to voluntarily self-identify your gender, race and ethnicity. Submission of this information is voluntary and refusal to provide it will not subject you to any adverse treatment. The information will be kept confidential and will only be used in accordance with the provisions of applicable laws, executive orders and regulations, including those that require the information to be summarized and reported to the federal government. When reported, data will not identify any specific individual. This information will not be shared with hiring managers, will be kept separate from your application data and will not affect any employment decisions.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed