EverWatch is a government solutions company providing advanced defense, intelligence, and deployed support to our country’s most critical missions.  We are a full-service government solutions company. Harnessing the most advanced technology and solutions, we strengthen defenses and control environments to preserve continuity and ensure mission success.

EverWatch is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age (40 or older), disability, genetic information, citizenship or immigration status, and veteran status or any other factor prohibited by applicable law.

EverWatch employees are focused on tackling the most difficult challenges of the US Government. We offer the best salaries and benefits packages in our industry - to identify and retain the top talent in support of our critical mission objectives. 

We are looking for an experienced Security Operations Center (SOC) Tier II Analyst to improve monitoring strategies and analyze threats to safeguard infrastructure supporting global missions focused on seeking out and eliminating cyberspace threats to defend the United States and its Allies. You will guide the team on best practices and security measures. You'll configure defense tools, create reports, and dashboards and build custom queries. You will make recommendations to leadership on best practices to harden infrastructure and improve alerting. You'll lead incident response and remedy potential incidents escalated from Tier 1 SOC Analysts. You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You will guide efforts to assess how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events to identify patterns and provide mitigation techniques and strategies.  Finally, you will apply knowledge of attacker techniques to uncover threats by analyzing log data, and building and tuning detections. 

Qualifications:

• 6+ years of experience in modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
• Experience with writing detections within SIEM solutions, including Splunk, ArcSight, ElasticSearch, or Azure Sentinel
• Experience with Intrusion Detection System or Intrusion Prevention System (IDS/IPS) monitoring
• Knowledge of the basic functions and configurations of Bro or Zeek
• Knowledge of OS internals, including Windows, Linux, or Mac
• Knowledge of common security threats and vulnerabilities
• Ability to perform Nessus scans and review results, firewall configurations, and Linux hosts for indicators of compromise and hardening of Linux systems
• TS/SCI clearance with a polygraph
• Bachelor's degree
• IAT Level II Certifications

Nice If You Have:

• Experience in creating and debugging Splunk Dashboards and creating Snort rules 
• Experience with security subjects and trends, including digital forensics, reverse engineering, and penetration testing
• Experience with security principles in virtual and hosting software, including MISP, HIVE, CORTEX, WikiJS, VPN, and SecurityOnion
• Experience with leading teams in a technical capacity
• Experience with leveraging common scripting languages, including PowerShell or Python to parse logs and automate repeatable tasks
• Ability to use Splunk to hunt for indicators of compromise, create Splunk Dashboards, and review logs
• Ability to code or script using any language
• Ability to partner and collaborate with teams, both internal and external, including developers, vendors, analysts, tech leads, and project managers
• DOD 8570 CSSP Analyst Certification 
• GCIA, GSLC, GCIH, CISM, CISSP, or- CEH Certifications