Cyber Threat Analyst

About The Position

Requirements

• 7+ years of experience with security operations, threat hunting, and incident response
• Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on SentinelOne, Armis, and Splunk.
• Experience in configuring network devices and analyzing network traffic
• Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
• Experience in researching, developing, and implementing SOAR use cases.
• Familiar with Security Orchestration, Automation, and Response (SOAR) platform
• Familiarity with cybersecurity operation center functions.
• Experience configuring and re-configuring security tools, including SentinelOne and Splunk.
• Experience implementing Security frameworks, such as MITRE ATT&CK and NIST, and can interpret use cases into actionable monitoring solutions.
• MUST have one or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.
• Strong working knowledge of:
• Develop, test and Implement dynamic Risk-Based Alerting (RBA)
• Identifying and developing RBA and identifying use cases for SOAR and AI/ML.
• Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendation for further tuning of these alerts when necessary.
• Analyze network traffic utilizing available tools and provide recommendations
• Perform vulnerability assessments of recently discovered CVEs against USPS systems and network.
• Assist in the process of configuring or re-configuring the security tools.
• Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.

Responsibilities

• Incident Management & Triage: Perform triage on security escalations and detections to determine scope, severity, and root cause; monitor cybersecurity events and investigate incidents efficiently.
• Automation & Engineering: Identify, recommend, and implement automation use cases leveraging AI/ML capabilities to accelerate response times.
• SOAR Implementation: Support the deployment, configuration, testing, and maintenance of the Security Orchestration, Automation, and Response (SOAR) platform, specifically focusing on SentinelOne and Splunk integrations.
• Detection Tuning: Create and modify detection rules, signatures, and alerts across SIEM and EDR platforms (Splunk and SentinelOne) to reduce false positives and enhance fidelity.
• Data Analysis & Dashboarding: Analyze alerts from Cloud, SIEM, EDR, and XDR tools; build and maintain comprehensive dashboards and perform complex queries to support decision-making.
• Vulnerability & Risk Assessment: Perform vulnerability assessments of discovered CVEs against agency systems and analyze network traffic to provide actionable security recommendations.
• Framework Implementation: Apply security frameworks such as MITRE ATT&CK and NIST to interpret use cases into actionable monitoring solutions.
• Communication: Effectively communicate technical findings to non-technical audiences and influence stakeholders to comply with security standards and best practices.

Benefits

• Insurance – health, dental, and vision
• Paid Time Off (PTO) and 11 Federal Holidays
• 401(k) employer match