Attack Sensing & Warning Analyst (T2 AS&W Analyst)

About The Position

Requirements

• Bachelor's degree in computer science, engineering, Information Technology (IT), Cyber Security, or related field and 4 years of professional experience. Additional years of experience are accepted in lieu of degree.
• 5 years of professional experience (or a Bachelors' Degree and 3 years of professional experience) in incident detection, response and remediation.
• Minimum of three (3) but (5) preferred years of specialized experience in one or more of the following areas: Email security Digital media forensic Monitoring and detection Incident Response Vulnerability assessment and penetration testing Cyber intelligence analysis
• Extensive experience analyzing and synthesizing information with other relevant data sources, providing guidance and mentorship to others in cyber threat analysis and operations.
• Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems/issues/risks and facilitate resolution and risk mitigation.
• Ability to stay up to date with the latest threat intelligence, security trends, tools, and capabilities.
• Possess strong problem-solving abilities with an analytic and qualitative eye for reasoning.
• Ability to independently prioritize and complete multiple tasks with little to no supervision.
• The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst (CySA+) CEH - Certified Ethical Hacker CompTIA Linux Network Professional (CLNP) CompTIA Pentest+ CompTIA Cybersecurity Analyst (CySA+) GPEN - Penetration Tester GWAPT - Web Application Penetration Tester GSNA - System and Network Auditor GISF - Security Fundamentals GXPN - Exploit Researcher and Advanced Penetration Tester GWEB - Web Application Defender GNFA - Network Forensic Analyst GMON - Continuous Monitoring Certification GCTI - Cyber Threat Intelligence GOSI - Open Source Intelligence OSCP (Certified Professional) OSCE (Certified Expert) OSWP (Wireless Professional) OSEE (Exploitation Expert) CCFP - Certified Cyber Forensics Professional CISSP - Certified Information Systems Security CHFI - Computer Hacking Forensic Investigator LPT - Licensed Penetration Tester CSA - EC Council Certified SOC Analyst (Previously ECSA - EC-Council Certified Security Analyst) ENSA - EC-Council Network Security Administrator ECIH - EC-Council Certified Incident Handler ECSS - EC-Council Certified Security Specialist ECES - EC-Council Certified Encryption Specialist
• All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year (BI) Background Investigation

Nice To Haves

• Ability to coordinate and communicate well with team leads and government personnel.
• Experience with detection engineering efforts to tune alerts, signatures, and tools to reduce false positives.
• Experience in cyber government, and/or federal law enforcement
• Experience with the Cyber Kill Chain and MITRE ATT&CK framework
• Ability to formulate and create new processes, metrics, and procedures to improve security operations.

Responsibilities

• Utilize state of the art technologies such as Endpoint Detection & Response (EDR) tools, log analysis (Splunk) and occasionally network forensics (full packet capture solution) to investigative activity to examine endpoint and network-based data.
• Monitor alerting channels for multiple endpoint and network tools for alerts of various criticalities and escalate according to defined processes, procedures, and playbooks.
• Triage alerts to determine nature of activity occurring on customer networks, systems, servers, and mobile devices.
• Conduct log analysis from multiple avenues and tools to triage activity in support of incident response.
• Recognize attacker and APT activity, tactics, and procedures and aggregate indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
• Lead Incident Response activities and mentor junior SOC staff.
• Create daily, weekly, and monthly reports for dissemination to customer leadership with emphasis on attention to detail and accurate capturing of relevant, timely data for briefings.
• Succinctly and accurately capture technical details and summarize findings for less technical audiences.
• Work with key stakeholders to implement remediation plans in response to incidents.
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership.
• Strong problem-solving abilities with an analytic and qualitative mindset.
• Effectively communicate with customer leadership and disseminate timely updates of critical incidents with emphasis on attention to detail and accurate reporting.

Benefits

• Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers.
• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.
• More details are available here.