CIRT Tier 2 Analyst

About The Position

Requirements

• Bachelor's degree and at least 2 years of experience or a High School diploma and 6 years of experience.
• Must possess or be able to obtain at least one of the following certifications before start date. Continued certification required as a condition of employment: CCNA-SecurityCNDCySA+ GICSPGSECSecurity+ CESSCP
• Continued certification is required as a condition of employment.
• Demonstrated experience in the Incident Response lifecycle.
• Knowledge of SOAR ticketing and automated response systems (e.g. ServiceNow, Splunk SOAR, Microsoft Sentinel).
• Demonstrated experience with using Security Information and Event Management (SIEM) platforms (e.g. Splunk, Microsoft Sentinel, Elastic, Q-Radar).
• Demonstrated experience in using Endpoint Detection and Response systems (e.g. MDE, ElasticXDR, CarbonBlack, Crowdstrike).
• Knowledge of cloud security monitoring and incident response.
• Knowledge of integrating IOCs and Advanced Persistent Threat actors.
• Ability to analyze cyber threat intelligence reporting and understanding adversary methodologies and techniques.
• Knowledge of malware analysis techniques.
• Knowledge of the MITRE ATT&CK and D3FEND frameworks.
• U.S. Citizenship required.
• Active Secret security clearance required in order to start.

Nice To Haves

• Active Secret clearance.
• Proficiency with Splunk for security monitoring, alert creation, and threat hunting.
• Knowledge of Microsoft Azure access and identity management.
• Proficiency with Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.
• Experience in using digital forensics collection and analysis tools (e.g. Autopsy, MagnetForensics, Zimmerman Tools, KAPE, CyLR, Volatility).
• Experience with using ServiceNow SOAR for ticketing and automated response.
• Knowledge of Python, PowerShell and BASH scripting languages.
• Experience with cloud security monitoring and incident response.
• Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
• Experience with integrating cyber threat intelligence and IOC-based hunting.
• Technical certifications such as: Security+, CySA+, Cloud+, Try Hack Me SAL1, Hack the Box CDSA, CyberDefenders, CCD, Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.
• Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.

Responsibilities

• Detect, classify, process, track, and report on cyber security events and incidents.
• Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
• Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.
• Characterize and analyze network traffic to identify anomalous activity and potential threats.
• Protect against and prevent potential cyber security threats and vulnerabilities.
• Perform forensic analysis of hosts artifacts, network traffic, and email content.
• Analyze malicious scripts and code to mitigate potential threats.
• Conduct malware analysis to generate IOCs to identify and mitigate threats.
• Collaborate with Department of State teams to analyze and respond to events and incidents.
• Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.
• Create tickets and initiate workflows as instructed in technical SOPs.
• Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
• Collaborate with other local, national and international CIRTs as directed.
• Submit alert tuning requests.