Cybersecurity Analyst

About The Position

Requirements

• Experience in Microsoft Defender and Sentinel, analyzing events and recommended actions
• Experience with Corelight Investigator is highly preferred
• Technical background with a variety of information security systems and tools including firewalls, intrusion detection systems, intrusion prevention systems, vulnerability management, intrusion detection and prevention, cloud access security broker, anti-virus/malware, data loss prevention
• Experience or knowledge designing and implementing controls within corporate networks to include computer and network security and operating systems such as UNIX, Linux, MAC, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection
• Strong analytical skills in order to identify security risks and appropriate measures needed to help mitigate those risks.
• Must be comfortable conducting independent research into issues and inquiries to provide guidance when requested

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience)
• 2+ years of experience in cybersecurity, with a focus on architecture, strategy, or special projects
• Understanding of security frameworks (e.g., NIST, ISO 27001) and risk management methodologies
• Hands-on experience with security tools, vulnerability management, and incident response processes
• Experience with security architecture design, including cloud security platforms (AWS/Azure)
• Excellent written and verbal communication skills with the ability to present complex information to both technical and non-technical stakeholders
• Preferred Certifications: CISSP, CISM, OSCP, or equivalent industry-recognized certifications; GIAC certifications (GCIH, GCFA, GCIA) and cloud security credentials (CCSP, AWS Security Specialty) a plus

Responsibilities

• Interfaces and communicates with internal/external stakeholders regularly to identify and review software for use in a CMMC Level 2 environment and eventually CMMC level 3 environment
• Provides consulting relative to cybersecurity strategy, metrics, and compliance
• Supports the development of CMMC cybersecurity assessment related instruction
• Gather evidence in support of audits
• Provides subject matter expertise on matters including governance and oversight, standards and processes, tools and technology
• Support the development, implementation, and management of security policies/procedures to ensure they remain aligned with business objectives/meet regulatory requirements
• Correlate threat information from various sources, including security incidents raised by the user community such as phishing attempts, malware outbreaks, unauthorized access attempts, as well as security alerting sources
• Maintain current knowledge of DoD security and technical guidelines and the organization's policies
• After-hours support is required for incident handling, maintenance and patching when needed
• Collaborate with cross-functional teams to drive security improvements and ensure project objectives are met within scope, time, and budget constraints

Benefits

• STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members.