Location: Remote support will be allowed for local (Raleigh, NC) qualified candidates
Note: US citizens and Green Card holders are encouraged to apply, as we are unable to sponsor at this time.
Job Description: Cyber Threat Analyst III
The Cybersecurity Operations Portfolio is in need of a Cyber Threat Analyst supporting its Threat Intelligence (TIU) program. The resource will be supporting TIU - Daily Operations. This resource will be working with the OPS: Threat Intelligence (TIU) team to
Key Responsibilities:
Must be able to:
• Implement a dynamic, advanced Risk-Based Alerting (RBA) security framework within Splunk
• Create and test detections written in advanced Splunk Programming Language (SPL)
• Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
• Leverage tools including Splunk, Tanium, FireEye suite as part of duties performing cyber incident response analysis.
• Act as an observer to Red Team penetration testing exercises and collaborate with the Cybersecurity Operations Center (CSOC).
• Correlate event or incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
• Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation.
This position is expected to last through 01/00/1900.
Qualification Requirements:
• 5+ years of experience with Splunk, MITRE ATT&CK Framework, Endpoint Security Services
• Experience with host-level scripting, e.g., PowerShell.
• Experience in working with one or more Cloud Platforms
• Familiarity with cybersecurity operation center functions
• Linux Administration and monitoring
• Windows Administration and monitoring
• Experience with security frameworks and the ability to interpret use cases into actionable monitoring solutions.
Strong working knowledge of:
• Security Information and Event Management (SIEM) systems.
• Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
• Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
• Network and Host malware detection and prevention.
• Network and Host forensic applications.
• Web/Email gateway security technologies.
• Sysmon.
• Log aggregation tools.
• Demonstrated ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines
• Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness
• Demonstrated solid planning and organizational skills
• Demonstrated experience working independently and as part of a team
EXPERIENCE LEVEL:
5-7 years of experience with security operations and incident response
EDUCATION:
Bachelor's OR Master's Degree in Computer Science, Information Systems, or other related field.
CERTIFICATIONS: (One or more required)
One or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.
Additional Provisions:
• Must be able to obtain a Position of Public Trust Clearance
• Pass a client-mandated clearance process that includes drug screening, a criminal history check and a credit check.
• Once the candidate's resume is approved and the interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
• All candidates must be a US Citizen, or have permanent residence status (Green Card).
• Candidate must have lived in the United States for the past 5 years.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)