Tier 2 Shift Lead / Secret

About The Position

Requirements

• Bachelor’s degree and minimum of 9 years of relevant experience; or, Master’s degree with minimum of 7 years; or PhD with 4 years.
• Must possess, or obtain prior to start date, at least one of the following certifications: CASP+ CE; CCNA Cyber Ops; CCNA-Security; CCNP Security; CEH; CFR; CHFI; CISA;CISSP (or Associate); CISSP-ISSAP; CISSP-ISSEP; CySA+; GCED; GCFA; GCIH; SCYBER. Continued certification is required as a condition of employment.
• Demonstrated experience across the incident response lifecycle.
• Experience with SOAR platforms and automated response workflows (e.g., ServiceNow, Splunk SOAR, Microsoft Sentinel).
• Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Microsoft Sentinel, Elastic, QRadar).
• Experience with Endpoint Detection and Response (EDR) solutions (e.g., Microsoft Defender for Endpoint, Elastic XDR, Carbon Black, CrowdStrike).
• Knowledge of cloud security monitoring and incident response.
• Knowledge of integrating indicators of compromise (IOCs) and tracking advanced persistent threat (APT) actors.
• Ability to analyze cyber threat intelligence and understand adversary tactics, techniques, and procedures (TTPs).
• Knowledge of malware analysis techniques.
• Familiarity with MITRE ATT&CK and D3FEND frameworks.
• U.S. Citizenship required.
• Active Secret security clearance required at start.

Nice To Haves

• Proficiency with Splunk for security monitoring, alert creation, and threat hunting.
• Experience using Microsoft Azure access and identity management.
• Proficiency in Microsoft Defender for Endpoint and Identity for security monitoring, response, and alert generations.
• Experience using digital forensics collection and analysis tools (e.g. Autopsy, Axiom MagnetForensics, Zimmerman-Tools, KAPE, CyLR, Volatility).
• Experience using ServiceNow SOAR for ticketing and automated response.
• Experience using Python, PowerShell and BASH scripting languages.
• Proficiency in cloud security monitoring and incident response.
• Demonstrated ability to perform static/dynamic malware analysis and reverse engineering.
• Experience with integrating cyber threat intelligence and IOC-based hunting.
• Technical certifications such as: Azure SC-900, CCSP, GCIH, CCSK, GSEC, CHFI, GCLD, GCIA.
• Advanced technical certifications such as: SecurityX/CASP+, PRMP, GREM, GEIR, GNFA, or GCFA.

Responsibilities

• Detect, classify, process, track, and report on cyber security events and incidents.
• Perform advanced in-depth analysis of coordinated Tier 1 alert triage and requests in a 24x7x365 environment.
• Analyze logs from multiple sources (e.g., host logs, EDR, firewalls, intrusion detection systems, servers) to identify, contain, and remediate suspicious activity.
• Characterize and analyze network traffic to identify anomalous activity and potential threats.
• Protect against and prevent potential cyber security threats and vulnerabilities.
• Perform forensic analysis of hosts artifacts, network traffic, and email content.
• Analyze malicious scripts and code to mitigate potential threats.
• Conduct malware analysis to generate IOCs to identify and mitigate threats.
• Collaborate with Department of State teams to analyze and respond to events and incidents.
• Monitor and respond to the CIRT Security Orchestration and Automation Response (SOAR) platform, hotline, email in-boxes.
• Create tickets and initiate workflows as instructed in technical SOPs.
• Coordinate and report incident information to the Cybersecurity and Infrastructure Security Agency (CISA).
• Collaborate with other local, national and international CIRTs as directed.
• Submit alert tuning requests.
• Review all Tier 2 shift tickets for accuracy and completeness.
• Coordinate with CIRT Watch Officers and government leadership on remediation actions.
• Provide technical and procedural improvement recommendations to CIRT leadership.
• Assist with Tier 2 candidate technical interviews as required.
• Ensure coordinated remediation actions are operating properly.

Benefits

• Overtime
• Shift differential
• Discretionary bonus