Hotline: 678-408-1354

Cyber Intelligence Analyst

Responsibilities:

  • Security Analysts shall act as a member of a team that provides support to monitor and analyze security events and alerts reported by the SIEM on a 24×7 basis to identify and investigate suspicious or malicious activity, or other events which violate DHS policy.
  • Personnel shall be familiar with analyzing security logs and events from the following types of devices: firewalls, NIDS, HIDS, proxy/web filters, vulnerability scanners, routers, router IP accounting systems (e.g., Cisco NetFlow), Virtual Private Network (VPN) gateways/concentrators, server event logs, e-mail and host anti-virus, desktop security monitoring agents, anti-virus servers, and Internet Protocol services (e.g., DNS, DHCP).
  • Personnel shall open a case in the SOC ticket management system for all security investigations performed, or security incidents handled, as part of this service.
  • Security Analysts shall collect and maintain information pertinent to security investigations and incidents in a form which can support current and/or future analysis, situational awareness, and law enforcement investigation efforts.
  • Personnel shall be able to engage and coordinate incident remediation procedures with the appropriate IT infrastructure operations and management (IO&M) teams (e.g., the IT Infrastructure Provider Operations Team, IR Team, Engineering and Architecture Team) and to request additional information from them as required while determining, confirming, and validating the veracity of a security event. Analysts shall help maintain all email and other records of correspondence associated with security events and incident investigations within the SOC ticket management system, so that they serve as an audit trail.
  • Personnel shall be able to identify and perform initial triage of security feed outages and support their remediation by the appropriate IT IO&M team.
  • Personnel shall act as a member of the team that provides 24×7 monitoring and analysis of available sources of threat data (e.g., open source, US-CERT, DHS, FOUO indicators from HSDN, trusted third parties, social media) to assess the potential risks they may present to the infrastructure.

MINIMUM YEARS OF RELEVANT EXPERIENCE AND EDUCATION

  • Minimum of three (3) years of professional experience in incident detection and response and/or cyber intelligence analysis, and
  • Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field.

REQUIRED SKILLS

  • Must possess strong organizational and analytical skills and attention to detail
  • Must have the ability and prior experience to analyze information technology security events and discern which qualify as legitimate security incidents as opposed to non-incidents. This includes identifying malicious code present on a computer system as well as identifying malicious activity within a computer system and/or enterprise network.
  • Must have experience working with a ticket management system to collect, document and maintain information pertinent to security investigations and incidents
  • Must possess excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings
  • Must possess experience in monitoring the operational status of monitoring components and in escalating and reporting outages of those components
  • Must possess a working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks. A conceptual understanding of Windows Active Directory is also required.
  • Must possess a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.)
  • Must have experience working with various event logging systems and must be proficient in security event log analysis. Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also required.
  • Must have experience identifying and implementing countermeasures or mitigating controls in an enterprise network environment.
  • Must possess experience in collecting and maintaining information pertinent to security investigations and incidents in a format that supports analysis, situational awareness reporting, and law enforcement investigation efforts

MINIMUM CLEARANCE

  • Active Secret

Job Type: Full-time

Contact Us

Eltas EnterPrises Inc.
3978 Windgrove Crossing
Suite 200A
Suwanee, Georgia
30024, USA
contact@eltasjobs.com