Security Specialist

About The Position

Requirements

• 2+ years of experience and training in the field of cyber security monitoring and analysis, incident response, cyber threat analysis, and vulnerability analysis.
• 1+ years of experience with the Incident Response lifecycle (Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity) and the ability to lead the technical aspects of an investigation.
• Bachelor’s degree in Information Security, Forensics, Computer Science related fields or equivalent experience.
• must possess a DoD 8140 Intermediate (or above) certification or be able to obtain one within 6 months of onboarding.
• expertise and practical experience with Security Information and Event Management (SIEM)/ Security Orchestration, Automation & Response (SOAR) platforms and Endpoint Detection & Response (EDR) tools.
• excellent verbal and written communications skills with experience producing executive-level briefs.
• an understanding of operating system internals (Windows, macOS, Linux), common network protocols, or the ability to analyze endpoint and network artifacts (e.g., packet captures, memory dumps, system logs).
• Active United States Secret Clearance.

Nice To Haves

• familiarity with the security logging, monitoring, and threat landscape of cloud environments that comply with US federal government security standards under NIST SP 800-53 Rev5 and NIST SP 800-37.
• a Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Penetration Tester (GPEN) or GIAC equivalent.
• ability to analyze and apply Cyber Threat Intelligence to hunting for adversary TTPs.
• willingness to learn new skills and new tools.
• Excel in a collaborative environment, actively contributing to a positive team culture by fostering continuous learning, sharing knowledge, and working seamlessly with peers to achieve shared security objectives.

Responsibilities

• Security Monitoring: review alerts within SIEM/SOAR platforms and manage security cases & tickets, conduct initial security incident analysis to ensure timely response.
• Incident Response: drive the entire incident response lifecycle from initial triage and in-depth investigation to rapid containment and effective remediation of active security threats.
• Advance Detection: collaborate with Detection Engineers to rapidly develop and deploy new detections, composite rules, and dashboards based on discovered threat Tactics, Techniques, and Procedures (TTPs).
• CTI-Driven Threat Hunts: collaborate closely with the Cyber Threat Intelligence (CTI) team to analyze relevant intel, extract actionable insights, and detect potential Indicators of Compromise (IoC) associated with Advanced Persistent Threats (APTs).
• Monitoring & Triaging Alerts: security monitoring, managing security cases & tickets, security incident analysis, and other security tasks.
• Security Log Reviews: analyzing a variety of security logs to identify actionable events (SIEM reports-alerts-tickets, system, network, security monitoring tools).
• Event Analysis: determine the attack type and scope based on the triage of events collected.
• Problem Solving: use critical thinking to navigate complex problem-sets (technical and non-technical) with real-world impacts to business and stakeholders when triaging system & network events.
• Documentation: capture all investigative, response, and remediation activities within the case management platform Ensure each case includes a detailed triage, captured artifacts, and any IOCs to support clear tracking of security team efforts of associated tasks.
• Detection Tuning: provide feedback into the design, implementation, and administration of security tools/ rules to reduce false positives.
• Mitigation Support: analyze data sets, determine the gaps and recommend fixes to appropriate stakeholders.
• Reporting: document and communicate findings clearly to both technical and non-technical stakeholders, detailing the threat, its potential impact, and actionable remediation steps.

Benefits

• range of medical, financial, and/or other benefits, dependent on the position offered.