Identification of Cybersecurity problems which may require mitigating controls
Analyze network traffic to identify exploit or intrusion related attempts
Recommend detection mechanisms for exploit and or intrusion related attempts
Provide subject matter expertise on network based attacks, network traffic analysis, and intrusion methodologies
Escalate items which require further investigation to other members of the Threat Management team
Execute operational processes in support of response efforts to identified security incidents
Job responsibilities will include:
Participates in a team of Security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc. to identify the responsible, determine remediation, and recommend security improvements
Follows precise analytical paths to determine the nature and extent of problems being reported by tools, e-mails, etc.
Follows strict guidance on reporting requirements
Keeps management informed with precise, unvarnished information about security posture and events
Promotes standards-based workflow both internally and in coordinating with US-CERT
Engages with other internal and external parties to get and share information to improve processes and security posture
Guide team efforts
Communicates to CISO leadership
Leads analyzing/investigating reports or anomalies
Must be eligible to obtain a sensitive clearance – Position of Public Trust – and may be required to obtain a higher security clearance
Preferred 3+ years IT security experience
Preferred 2+ years’ experience in network traffic analysis
Strong working knowledge of:
Network Level Exploits
Excellent oral and written communication skills
Excellent interpersonal and organizational skills
Strong understanding of IDS/IPS technologies, trends, vendors, processes and methodologies
Strong understanding of common IDS/IPS architectures and implementations
Strong understanding of IDS/IPS signatures, content creation and signature characteristics including both signature and anomaly-based analysis and detection
Splunk experience, developing queries
Cloud monitoring experience is a plus
Excellent writing skills
3-5 years of related experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
Bachelors Degree in Computer Science, Information Technology or Information Security preferred or a technically related field OR equivalent related work experience
Must be able to obtain a Position of Public Trust Clearance
Pass both a client mandated clearance process to include drug screening, criminal history check and credit check.
Once candidate’s resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
All candidates must be a US Citizen, or have permanent residence status (Green Card).
Candidate must have lived in the United States for the past 5 years.
Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)