Cyber Security Analyst

Leidos
Arlington, VA (onsite)

About The Position

Leidos has a current job opportunity for a Cyber Security Analyst on the DISA GSMO-II program in Arlington, VA. This position is 100% on-site, and applicants must be willing to support rotating shift work.

Position Summary: This position provides 24x7 cybersecurity monitoring and analysis services for Department of Defense networks above the SECRET level. This includes performing real-time cyber threat intelligence analysis, correlating actionable security events, performing network traffic analysis using raw packet data, and participating in the coordination of resources during the incident response process.

Requirements

  • Active DoD Top Secret security clearance with SCI eligibility required for consideration.
  • Bachelor's degree and 4+ years of prior relevant experience; additional work experience or cyber courses/certifications may be substituted in lieu of a degree.
  • Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
  • DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC prior to starting.
  • DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 180 days of hire.
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain, and an ability to think and work independently.
  • Strong analytical and troubleshooting skills.
  • Willing to perform shift work.
  • Must be a US Citizen.

Nice To Haves

  • CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Splunk, Suricata, Zeek, Full Packet Capture), and other attack artifacts in support of incident investigations.
  • In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Splunk ES, Corelight/Elastic).
  • Experience and proficiency with any of the following: Splunk, Suricata, Zeek, Full Packet Capture, Network Forensics, Endpoint Security.
  • Experience with malware analysis concepts and methods.
  • Unix/Linux command line experience.
  • Scripting and/or programming experience to write Suricata and Zeek rule sets.
  • Familiarity or experience in Intelligence Driven Defense and/or Mitre ATT&CK, and/or Cyber Kill Chain methodologies.
  • Existing DoD 8570 CSSP Analyst certifications (e.g. CEH, CySA+).

Responsibilities

  • Review DoD and open-source intelligence to identify threats and Indicators of Compromise (IOCs), and integrate those IOCs into sensors and SIEMs.
  • Utilize alerts from endpoints, IDS/IPS, netflow, and custom sensors to identify compromises on customer networks/endpoints.
  • Review massive log files, pivot between data sets, and correlate evidence for incident investigations.
  • Triage alerts to identify malicious actors on customer networks.
  • Report incidents to customers and USCYBERCOM.

Benefits

  • Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.
© 2024 Teal Labs, Inc