IT Security Analyst, Tier III

About The Position

Requirements

• Advanced understanding of networking concepts and ability to analyze network artifacts
• Effective communication across technical silos
• 6-10+ years of actual work-related experience in the field of Information Security
• Experience with SIEM solutions (preferably Splunk or similar tool) search language, techniques, alerts, dashboards, report building, and creation of automated log correlations.
• 6-10+ years of relevant cybersecurity experience in IT Security, Incident Response, or network security with a strong knowledge working in a SOC
• The ability to write well and convey information to the intended audience in an easily understood manner
• Bachelors Degree in Computer Science, Information Technology, Information Systems, or a related discipline. Equivalent experience and/or alternative qualifications will be considered.

Nice To Haves

• Strong understanding of Lockheed Martin’s Kill Chain (preferred)
• In depth knowledge of MITRE ATT&K matrix (preferred)
• One or more relevant industry cybersecurity certifications preferred (GCIA, GCIH, GREM, CEH, etc.)

Responsibilities

• Be force multiplier to proactively identify, investigate, respond, contain, and report on cyber incidents by using pattern recognition, data sets, communication, forensics, and analytics.
• Perform leadership duties and responsibilities that must continue to be performed during crisis situations and contingency operations, which may necessitate extended hours of work.
• Demonstrated leadership in directing and conducting research efforts, including prior experience as lead Investigator.
• Identify deficiencies in security posture and develop, administer, and participate in action plans to address these gaps.
• Experience in managing large-sized projects/programs across multiple disciplines and/or teams.
• Advanced-level understanding of business risk and how to properly advise a customer through critical situations
• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
• Perform general SIEM monitoring, analysis, content development, and maintenance
• Conduct and drive incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
• Compile detailed investigation and analysis reports for internal SOC consumption and delivery to leadership
• Track threat actors and associated tactics, techniques, and procedures (TTPs) by capturing intelligence on threat actor TTPs and developing countermeasures in response to threat actors
• Analyze malicious campaigns and evaluate the effectiveness of security technologies
• Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
• Conduct and provide computer forensic analysis of system memory and disk images
• Coordinate threat hunting activities across the network, leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
• Hunt for and identify threat actor groups and their techniques, tools, and processes
• Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
• Provide analytic investigative support of large scale and complex security incidents
• In depth understanding of cloud service providers (CSP) security offerings
• Understanding of and ability to perform malware reverse engineering
• Effective at utilizing sandbox technologies to detonate malware samples
• Provide “Person in Charge” (PIC) coverage when on rotation.