Senior Cyber Active Threat Analyst

About The Position

Requirements

• 5+ years of experience in cybersecurity with focus on threat analysis, security monitoring, or SOC operations
• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or related field (or equivalent experience)
• Deep expertise in SIEM systems (Splunk, Elastic Security, or similar) including log collection, correlation, and analysis
• Strong understanding of adversarial tactics, techniques, and procedures (MITRE ATT&CK framework)
• Experience with threat hunting methodologies and proactive threat detection
• Knowledge of intrusion detection systems (IDS/IPS), network security monitoring, and endpoint detection and response (EDR)
• Understanding of indicators of compromise and anomalous behavior patterns
• Experience with incident response procedures and root cause analysis
• Strong analytical and problem-solving skills with ability to correlate data from multiple sources
• Excellent communication skills to convey technical findings to diverse audiences
• Professional certifications such as GCIA, GCIH, GCFA, CySA+, or equivalent

Nice To Haves

• Experience in critical infrastructure or industrial control systems (ICS/SCADA) security
• Knowledge of NRC cybersecurity regulations (10 CFR 73.54) and nuclear industry requirements
• Experience with advanced threat intelligence platforms and threat intelligence sharing
• Background in malware analysis and reverse engineering
• Familiarity with Palantir technologies or similar data integration platforms for security analytics
• Experience with machine learning and advanced analytics for threat detection
• Knowledge of nuclear digital systems and operational technology environments
• Advanced certifications such as GCTI, GNFA, OSCP, or similar
• Scripting/programming skills in Python, PowerShell, or similar languages
• Security clearance eligibility

Responsibilities

• Proactively hunt for threats by analyzing anomalous or suspected adversarial behavior in nuclear digital systems and networks
• Identify indications of compromise including unusual network traffic, unusual file changes, and the presence of malicious code
• Detect malicious or suspicious access control or networking anomalies occurring at established defensive level boundaries and within security levels
• Identify malicious activity at the earliest possible time and take appropriate actions
• Isolate and contain malicious activity to prevent spread and minimize impact
• Monitor SIEM systems (Security Information and Event Management) to collect, correlate, and analyze security events from multiple sources
• Analyze SIEM logs for incident indicators, identify attack vectors and entry points, and conduct root cause analysis investigations
• Monitor intrusion detection systems and network security monitoring tools to identify potential security incidents
• Correlate security events from perimeter defenses, network devices, and endpoint agent data feeds to identify threats
• Adjust monitoring tools and techniques as threat agents constantly change and adapt their tactics to circumvent defenses
• Develop and maintain threat intelligence on current adversarial tactics, techniques, and procedures (TTPs)
• Assess adversary threat capabilities and understand advanced persistent threat (APT) methodologies
• Analyze malicious code to understand adversary tradecraft and the functionality of specific threats
• Share threat intelligence with peer organizations, Information Sharing and Analysis Centers (ISAC), and relevant government departments
• Monitor threat landscape updates and adapt security posture based on emerging threats
• Support cybersecurity incident response team (CSIRT) functions during active incidents
• Rapidly develop appropriate responses when threats are detected, correlating new incidents with information on past intrusions
• Identify, classify, and respond to cyber security incidents and determine whether incidents are reportable
• Perform rapid forensic preservation and analysis to support incident investigations
• Track and document security incidents using automated mechanisms to assist in collection and analysis
• Collaborate with integrated incident response teams including forensic analysts, malicious code analysts, and systems security engineers
• Provide detailed threat analysis reports to leadership and stakeholders on emerging threats and security posture
• Notify appropriate authorities including E-ISAC and CISA of reportable cyber security incidents
• Maintain expert skill and knowledge in cybersecurity, staying current with emerging threats and detection methodologies

Benefits

• Competitive compensation packages
• 401k with company match
• Medical, dental, vision plans
• Generous vacation policy, plus holidays