Accenture Federal - ISCM/Continuous Monitoring Lead in St. Louis, Missouri
Organization: Accenture Federal Services Location: San Antonio, TX We Are:
Accenture Federal Services, bringing together commercial innovation with the latest technology to unleash the potential for our federal clients. Every day we bring bold thinking and diverse disciplines to solve problems in new ways. Ready to learn as much as you can? We’ll give you numerous opportunities of formal & informal training sessions to keep your tech smarts sharp.
As Team Lead of the Information Security Continuous Monitoring (ISCM) Team, perform the following tasks: Monitoring of security events, trend analysis, and tuning security event related signatures. Monitor, organize, and coordinate correspondence for emails received to the SOC Inbox, update Standard Operating Procedures (SOPs), and coordinate with Incident Response staff to effectively contain and recover from cyber incidents. Support and coordinate eDiscovery and Freedom of Information Act (FOIA) requests. Monitor security event feeds for availability and throughput, to quickly identify any gaps in available telemetry. Ideally, candidate will have Cloud experience in AWS or Azure.
Job Responsibilities Include:
Use SOC monitoring devices (SIEM, IDS, DLP) to review and analyze pre-defined events indicative of incidents.
Monitoring dashboards and intrusion detection and prevention systems (IDS/IPS)
Assisting in recommendations for content to detect incidents, including IOCs for blocking and detection.
Performing initial analysis and investigation into alerts as they are seen (to include anti-virus and phishing alerts
Performing initial malware analysis utilizing automated means
Supporting cyber defense functions to protect our clients from cyber security incidents that have potential to cause negative impact
Incident intake, ticket updates and reporting of cyber events
Understanding, identifying and researching IOCs
Uploading packets and evaluating source/destination activity and payloads
- Support Authorizing Official briefings (monthly), sustained and continuous enhancements supporting risk posture/framing, including heat map of highest "risk" systems
Metric collections, analysis, dashboard via the ISCM Portal
Collaboration with other teams to assess requirements to achieve Ongoing Authorizations (ISSO / ATO)
Provide analysis and outreach to customers related to overdue patching and vulnerabilities (>30 days in age for Critical/High, >60 days for Moderate)
Produce dashboards via Tenable SecurityCenter for management briefs, risk posture, end-of-life software in Enterprise (examples)
RedSeal is on the horizon for support and to validate all the above
Assist in risk assessment formulation and research/analysis
Here’s What You Need:
Bachelor’s Degree and 7+ years of Cyber / SOC / Monitoring Work Experience OR 9 + years with an Associates
Monitoring of security events, trend analysis, and tuning security event related signatures to include cloud applications
Cyber and/or IT Work Certification (i.e Security+ Certification)
Bonus Points If:
Experience working with Security Information and Event Management (SIEM) solutions is a plus
Experience monitoring AntiVirus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Vulnerability Assessment tools and other security tools found in large enterprise network environments
Familiarity with various network and host based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages. Host based forensics and malware analysis experience.
Previous experience working in a large government or corporate enterprise environment.
Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
RSA Security Analytics / NetWitness
Splunk, including Splunk for Enterprise Security
McAfee ePO, HIPS
FireEye NX, EX, HX
Important Eligibility Requirements
US Citizenship - No Dual Citizenship
An active security clearance or the ability to obtain one may be required for this role.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States and with Accenture (i.e., H1-B visa, F-1 visa (OPT), TN visa or any other non-immigrant status).
Accenture is a Federal Contractor and an EEO and Affirmative Action Employer of Females/Minorities/Veterans/Individuals with Disabilities.