SIEM Analyst

Description

Contingent Contract Award

Connected Logistics is looking for a Security Information and Event Management (SIEM) Analyst to assist GPO in the development, maintenance, and maturing of the current GPO IT Zero Trust Architecture.

The SIEM Support Analyst shall perform MDE support activities to include preparation of Task Order Management Plans, cost analyses, activity and project tracking schedules, risk registers, and risk and issue mitigation strategies for all GPO SOC activities. This task consists of the following subtasks:

Log Management

1. Review of ingestion and normalization of logs
2. Ability to ingest and analyze all common log formats
3. Consulting on log storage method and pricing tier 
4. Consulting on cost management recommendations for log pricing 

Sentinel 

1. Sentinel management with regularly updated baseline 
2. Continuous deployment of updated rules 

Threat Intelligence

1. Disburse threat intelligence to key employees
2. Ability to share hardening recommendations and update baseline from lessons learned across full client base 

Staff support

1. Educational development – ability to leverage Microsoft partnership and team’s technical knowledge to hold workshops and training on Azure and M365 Cloud Services 
2. Continuous Improvement
3. Review of Architecture to look for gaps in cybersecurity solution
4. iDrive efficiencies in logging and log storage

Program Management Support

1. Recurring operational touchpoints
2. Quarterly Executive Management reviews

Automated Response

Utilize an expert system designed to enhance security investigations by leveraging comprehensive data analysis capabilities. It seamlessly integrates both external and internal data sources to gather, correlate, and analyze entity-related information, ensuring a holistic view of each security case. The expert system employs sophisticated algorithms to cross-reference and validate data, making precise determinations or enriching cases with substantial evidence. This process not only aids analysts in making informed decisions but also accelerates the incident response time by providing actionable insights and detailed context. By automating the investigation workflow, our expert system significantly reduces the manual effort required, allowing security teams to focus on more complex threats and strategic initiatives.

24x7x365 monitoring of security events

1. Desktop Advanced End Point Detection and Response threat detection and threat response services related to an advanced end point detection and response technology such as Microsoft Defender, 365 Defender, Defender for Office, Trellix, etc.
2. Server Security Detection and Response – threat detection and threat hunting services to quickly detect and investigate endpoint attacks related to Server Endpoints
3. Firewall Security Monitoring Service – Monitor and Management of security and system health-related alarms. Alerting and Notification of validated attack threats on primary Firewall, Network Devices
4. AD User Monitoring - Monitoring, Logging and Reporting of active directory security user’s behavior security alarms. Alerting and Notification of validated attack threats according to applicable user activity.
5. Monitoring Microsoft Sentinel instances
6. Ability to analyze syslog and CEF 
7. Custom alerting capabilities based on business requirements.

Incident Handling support

1. Incident management support for SOC 
2. Recurring operational reviews with designated SOC Lead
3. Provide recommended best business practices when responding to events

Requirements

• 3 yr. working knowledge of GCC-H/GCC required.
• All approved candidates will be required to pass a GPO public trust background check ahead of onboarding.
• Knowledge of one or more below technologies: Microsoft Sentinel, Microsoft Azure, Microsoft DfE, Xacta 360/IO, Zscaler, FedRamp, Cloudflare, Netwitness, Tenable IO, Nexpose, Armis, Trellix HX/CM, ServiceNow.

Connected Logistics respects the need for confidentiality for all applicants.

Connected Logistics offers an excellent benefits package that includes health, dental, vision, life and disability insurance, a great 401(k) package, and generous Paid Time Off.

EQUAL OPPORTUNITY EMPLOYER. It is our policy to abide by all federal, state and local laws prohibiting employment discrimination solely on the basis of a person’s race, religious creed, color, national origin, ancestry, physical disability, mental condition (including, but not limited to, cancer related or HIV related), marital status, sex, gender (including sex stereotyping), age, sexual orientation, military status, or any other protected status except where a reasonable, bona fide occupational qualification exists