Job Description: Cyber Threat Analyst III (VAO145 - Falls Church)
The Cybersecurity Operations Portfolio is in need of a Cyber Threat Analyst supporting its Threat Intelligence Unit (TIU) program. The resource will be supporting TIU Daily Operations and will be working with the OPS: Threat Intelligence (TIU) team.
Key Responsibilities:
Must be able to:
Implement a dynamic, advanced Risk-Based Alerting (RBA) security framework within Splunk
Create and test detections written in advanced Splunk Search Processing Language (SPL)
Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
Leverage tools including Splunk, Tanium, and the FireEye suite while performing cyber incident response analysis.
Act as an observer in Red Team penetration testing exercises and collaborate with the Cybersecurity Operations Center (CSOC).
Correlate event or incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation.
Qualification Requirements:
5+ years of experience with Splunk, the MITRE ATT&CK Framework, and Endpoint Security Services.
Experience with host-level scripting, e.g. PowerShell.
Experience in working with one or more Cloud Platforms
Familiarity with cybersecurity operation center functions
Linux Administration and monitoring
Windows Administration and monitoring
Experience with security frameworks and the ability to translate use cases into actionable monitoring solutions.
Strong working knowledge of:
Security Information and Event Management (SIEM) systems.
Network Intrusion Detection/Intrusion Prevention Systems (NIDS/NIPS).
Host Intrusion Detection/Intrusion Prevention Systems (HIDS/HIPS).
Network and Host malware detection and prevention.
Network and Host forensic applications.
Web/Email gateway security technologies.
Sysmon.
Log aggregation tools.
Demonstrated ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines
Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness
Demonstrated solid planning and organizational skills
Demonstrated experience working independently and as part of a team
EXPERIENCE LEVEL:
5-7 years of experience with security operations and incident response
EDUCATION:
Bachelor's OR Master's Degree in Computer Science, Information Systems, or other related field.
CERTIFICATIONS (one or more required):
CISSP, CISA, CISM, GIAC, or RHCE.
Additional Provisions:
Must be able to obtain a Position of Public Trust Clearance
Must pass a client-mandated clearance process, including drug screening, criminal history check and credit check.
Once the candidate's resume is approved and the interview is passed, the agency is responsible for providing the drug screening. Failure to submit the drug screening results will delay the security clearance process.
If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
All candidates must be US citizens or have permanent resident status (Green Card).
Candidate must have lived in the United States for the past 5 years.
Cannot have more than 6 months of travel outside the United States within the last five years. Military service is excluded (the exception does not extend to military family members).