Attack Sensing & Warning Analyst (T2 AS&W Analyst)

About The Position

Requirements

• Bachelor’s degree in computer science, e ngineering, Information Technology (IT) , Cyber Security, or related field and 4 years of professional experience. Additional years of experience are accepted in lieu of degree.
• 5 years of professional experience (or a Bachelors’ Degree and 3 years of professional experience) in incident detection, response and remediation .
• Minimum of three (3) but (5) preferred years of specialized experience in one or more of the following areas: Email security Digital media forensic Monitoring and detection Incident Response Vulnerability assessment and penetration testing Cyber intelligence analysis
• Extensive experience analyzing and synthesizing information with other relevant data sources, providing guidance and mentorship to others in cyber threat analysis and operations .
• Ability to collaborate with technical staff and customers to identify , assess, and resolve complex security problems/issues/risks and facilitate resolution and risk mitigation.
• Ability to stay up to date with the latest threat intelligence , security trends , tools, and capabilities .
• Possess s trong problem-solving abilities with an analytic and qualitative eye for reasoning .
• Ability to independently prioritize and complete multiple tasks with little to no supervision.
• The candidate should have at minimum ONE of the following certifications: CompTIA Cyber Security Analyst ( CySA +) CEH – Certified Ethical Hacker CompTIA Linux Network Professional (CLNP) CompTIA Pentest+ CompTIA Cybersecurity Analyst ( CySA +) GPEN – Penetration Tester GWAPT – Web Application Penetration Tester GSNA – System and Network Auditor GISF – Security Fundamentals GXPN – Exploit Researcher and Advanced Penetration Tester GWEB – Web Applicatio n Defender GNFA – Network Forensic Analyst GMON – Continuous Monitoring Certification GCTI – Cyber Threat Intelligence GOSI – Open Source Intelligence OSCP (Certified Professional) OSCE (Certified Expert) OSWP (Wireless Professional) OSEE (Exploitation Expert) CCFP – Certified Cyber Forensics Professional CISSP – Certified Information Systems Security CHFI – Computer Hacking Forensic Investigator LPT – Licensed Penetration Tester CSA – EC Council Certified SOC Analyst (Previously ECSA – EC-Council Certified Security Analyst) ENSA – EC-Council Network Security Administrator ECIH – EC-Council Certified Incident Handler ECSS – EC-Council Certified Security Specialist ECES – EC-Council Certified Encryption Specialist
• All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year (BI) Background Investigation

Nice To Haves

• Ability to coordinate and communicate well with team leads and government personnel.
• Experience with detection engineering efforts to tune alerts, signatures, and tools to reduce false positives.
• Experience in cyber government, and/or federal law enforcement
• Experience with the Cyber Kill Chain and MITRE ATT&CK framework
• Ability to formulate and create new processes, metrics, and procedures to improve security operations .

Responsibilities

• Utilize state of the art technologies such as Endpoint Detection & Response (EDR) tools, log analysis (Splunk) and occasionally network forensics (full packet capture solution) to investigative activity to examine endpoint and network-based data.
• Monitor alerting channels for multiple endpoint and network tools for alerts of various criticalities and escalate according to defined processes, procedures, and playbooks.
• Triage alerts to determine nature of activity occurring on customer networks, systems, servers, and mobile devices.
• Conduct log analysis from multiple avenues and tools to triage activity in support of incident response.
• Recognize attacker and APT activity, tactics, and procedures a nd aggregate indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
• Lead I ncident Response activities and mentor junior SOC staff.
• Create daily, weekly, and monthly reports for dissemination to customer leadership with emphasis on attention to detail and accurate capturing of relevant, timely data for briefings.
• S uccinctly and accurately capture technical details and summarize findings for less technical audiences.
• Work with key stakeholders to implement remediation plans in response to incidents.
• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership.
• Strong problem-solving abilities with an analytic and qualitative mindset.
• Effectively communicate with customer leadership and disseminate timely updates of critical incidents with emphasis on attention to detail and accurate reporting.