Cybersecurity Analyst

We are seeking a skilled Tier II Cybersecurity Analyst to provide support to our client in Washington D.C. / Hybrid. The successful candidate will be responsible for analyzing network traffic and log data to determine the threat/impact against the network, recommending appropriate countermeasures, and facilitating the tracking, handling, and reporting of all security events and computer incidents.

• Provide Tier 2 support by analyzing network traffic and various log data to determine the threat/impact against the network, recommending appropriate countermeasures, and facilitating the tracking, handling, and reporting of all security events and computer incidents.
• Remediate and apply lessons learned to security incident investigation and resolution.
• Perform monitoring, identification, and resolution of security events to detect threats through analysis, investigations, and prioritization of events based on risk/exposure.
• Develop processes that analyze data and produce accurate, meaningful, easily interpreted results based on user requirements and use cases.
• Develop processes that align with enterprise incident response activities and coordinate closely with other teams within the Security Operations Center.
• Create custom tool content to enhance capabilities of security operations teams.
• Manage the collection, documentation, and research of security events generated by the SOC monitoring platform and infrastructure.
• Perform Security Incident Management aligned with NIST standards.

• Standard Operating Procedures
• Concept of Operations (CONOPS)
• Incident Response Plans
• Training Exercises
• Tool configurations and content creation

• 1-3 years of experience on one of the following team(s): Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or a Security Operations Center (SOC).
• Bachelor's degree in Computer Science, Information Technology, or a related technical field. Additional years of experience can be substituted for a degree.
• Experience with Security Information and Event Management (SIEM) Systems, Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, and large Enterprise or Cloud environments.
• Experience with Incident Response, analysis of network traffic, log analysis, ability to prioritize and differentiate between potential intrusion attempts and false alarms, managing and tracking investigations to resolution.
• Good interpersonal skills to interact with customers, team members, and support personnel.
• Strong analytical and problem-solving skills for investigating security issues.
• Familiarity with one of the following: NIST Incident Response Lifecycle, Cyber Kill Chain, Adversarial Tactics, Techniques & Common Knowledge (ATT&CK).
• At least one active security certification.

• Programming and/or scripting language experience; ideally PowerShell.
• Search query language experience and content creation; ideally Kusto.
• Project management experience to help build tiger teams for special projects.
• MS Office, Visio, PowerBI proficiency.