USACares Jobs

Job Information

SMS Data Products Group Defense Cyber Ops, Sr. SOC Analyst - Incident Handler in Arlington, Virginia

SMS is seeking a Senior SOC Analyst / Incident Handler will demonstrate expert-level knowledge in Computer Incident Response Team (CIRT) operations in a large organization. In addition, they will contribute to a team of Active Detection & Prevention (ADP) professionals working with Intrusion Detection System (IDS) software and hardware, writing reports, briefing event details to leadership, and coordinating remediation within large/complex networks. The Incident Handling Branch provides incident analysis, forensics, reverse engineering, and fusion reporting to provide JSP leadership, customers, and appropriate agencies situational awareness on current and emerging threats, as well as indications and warnings (I&W). Incident Handling Branch response services includes the actions taken to report, analyze, coordinate, and respond to any event or computer security incident for the purpose of mitigating any adverse operational or technical impact. Incident Response includes the coordinated development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery. At the same time, it ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or Counterintelligence (CI) or Law Enforcement (LE) investigations. The work location is at the Pentagon and is support of the Pentagon Classified and Unclassified Networks.

As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 40 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit

Submit your resume today!

Responsibilities include, but are not limited to the following:

•Demonstrate over 5 years of experience in Intelligence Community (IC) reporting of cyber threats and MUST have experience with CJCSM 6510.01B.

• Demonstrate expert-level knowledge of network traffic and communications, including known ports and services.

• Demonstrate a knowledge of the Windows operating system, knowledge in various Linux distributions and the Unix framework.

• Demonstrates knowledge of the following security related technologies: IPS, IDS, SIEM, firewalls, DNS, encryption, HIDS, NIDS, proxies, Network Packet Analyzers, malware analysis, forensic tools, and enterprise level appliances.

• Demonstrate an understanding of various open source and commercial analysis tools used for incident analysis, both network and host-based.

• Demonstrate understanding of DoD accreditation policies, processes, and practices.

• Demonstrate expert-level knowledge in planning, directing, and managing Computer Incident Response Team (CIRT) operations in an organization similar in size to this acquisition.

• Expert proficiency in conducting research and analysis, compiling relevant all source intelligence to incorporate into analytical products and technical briefings.

• Demonstrate the capability to deliver presentations to senior leaders and in a conference setting.

• Demonstrate expert ability to analyze and identify relationships and trends between incidents in the short term and patterns across incidents in the long term and report trend analysis in quarterly and yearly trend analysis reports.

• Demonstrate the expert ability to write detailed technical reports that can be consumed by multiple types of consumers.

• Demonstrate expert ability to extract actionable information and indicators from intelligence reporting and articulate to network defenders to update network security posture.

• Demonstrate knowledge of cultural, linguistic, and other behavioral aspects of threat actor capabilities and intent.

• Demonstrate knowledge of threat intelligence tradecraft, structured analytic, contrarian, and imaginative analytic techniques.

• Demonstrate expert knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).?

• Demonstrate knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., central processing units [CPUs], network interface cards [NICs], data storage).?

• Demonstrate expert ability to analyze of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT])

Required Qualifications:

  • BS degree in a technical field?(4+ years of experience in Incident Response in lieu of a degree).

  • ?6+ years of Incident and Malware analysis experience within DoD or IC environment.

  • Knowledge of Cyber Collection Management, Dissemination, Artifact Analysis.

Attribution/Mitigation Methodology:

  • Knowledge/Understanding of the Diamond Model Concept.

  • Familiar with DoD hierarchy and reporting chain.

  • Situational Awareness of how to perform report research on U (OSINT)/S/TS.

  • Basic networking and PCAP deciphering capabilities.

DoD 8570 IAT Level III.

  • CISSP or CISM certifications (preferred).

DoD 8570 Computing Environment.

  • DoD 8570 IASAE/CND Certification.

  • CEH, Sec+, CASP+ certification.

Top Secret (TS) – Sensitive Compartmented Information (SCI).

Excellent verbal and written communication skills.

SMS is an Equal Opportunity Employer.

ID: 2021-3549

Clearance Requirement: TS/SCI

Required / Preferred Certifications: CEH, CASP+CE, CISSP, Security+CE

8140 (Formerly 8570) Compliance: None

External Company Name: SMS Data Products Group, Inc.