Lucid Technologies Inc

Job Description: Cyber Threat Analyst III The Cybersecurity Operations Portfolio is in need of a Cyber Threat Analyst supporting its Threat Intelligence (TIU) program. The resource will be supporting TIU - Daily Operations. This resource will be working with the OPS: Threat Intelligence (TIU) team to Key Responsibilities*

• Implement a dynamic, advanced Risk-Based Alerting (RBA) security framework within Splunk

• Create and test detections written in advanced Splunk Programming Language (SPL)   

• Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.

• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

• Leverage tools including Splunk, Tanium, FireEye suite as part of duties performing cyber incident response analysis. 

• Act as an observer to Red Team penetration testing exercises and collaborating with Cybersecurity Operations Center (CSOC) 

• Correlate event or incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

• Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation. This position is expected to last through 01/00/1900.

• 5+ years experience with Splunk, MITRE ATT&CK Framework, Endpoint Security Services 

• Experience with host level scripting, eg. Powershell.

• Experience in working with one or more Cloud Platforms 

• Familiarity with cybersecurity operation center functions 

• Linux Administration and monitoring 

• Windows Administration and monitoring 

• Experience with Security framework and can interpret use cases into actionable monitoring solutions.

• Security Information and Event Management (SIEM) systems.

• Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).

• Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).

• Network and Host malware detection and prevention.

• Network and Host forensic applications.

• Web/Email gateway security technologies.

• Sysmon.

• Log aggregation tools.

• Demonstrated ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines 

• Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness 

• Demonstrated solid planning and organizational skills 

• Demonstrated experience working independently and as part of a team

5-7 years of experience with security operations and incident response

 

Bachelor's OR Master's Degree in Computer Science, Information Systems, or other related field.

One or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.

• Must be able to obtain a Position of Public Trust Clearance 

• Pass both a client mandated clearance process to include drug screening, criminal history check and credit check.

• Once candidate’s resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.

• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.

• All candidates must be a US Citizen, or have permanent residence status (Green Card).

• Candidate must have lived in the United States for the past 5 years.

• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)