Cybersecurity Analyst

We are seeking a skilled Cybersecurity Analyst to support our Security Operations Center (SOC) team. The ideal candidate will be responsible for monitoring security events, responding to incidents, and ensuring the safety and security of our organization.

The Cybersecurity Analyst will be responsible for analyzing network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used. They will also develop processes to enhance SOC response and efficiency.

Key Responsibilities:

• Support the SOC team in operating and performing duties in a Security Operations Center (SOC) to provide a secure environment that facilitates monitoring, incident response, malware analysis, and threat hunting activities.
• Develop and utilize analytics on the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices.
• Assess Security Technical Implementation Guides (STIGs) compliance and completion.
• Utilize asset mapping tools to verify connected inventory.
• Handle Information Assurance Vulnerability Management (IVAM) notifications.
• Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions.
• Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency.

Qualifications:

• (Journeyman level) At least 3 years, (Junior level) applicable 1 to 2 years of experience in security operations, demonstrating analytical duties and performing host or network analysis.
• Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, system/application vulnerabilities, and compliance with Department of Defense (DoD) policies and procedures.
• Applied knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security Center.
• Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATTCK framework, with the ability to collaborate effectively across multiple locations.

Desired Skill sets:

• Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)
• Strong analytical and troubleshooting skills
• Able to provide expert content development in Splunk Enterprise Security using tstats and data models
• Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances
• Experience in other tools and protocols as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP
• Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
• Familiar with the operations and functions of Nessus or security center management
• Can assist and provide technical input to research, discover, implement hardware and software
• Understands importance and fundamentals of logistics and evidence handling
• Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology certification

Examples of other certifications include:

• Offensive Security Certified Professional (OSCP)
• GIAC Response and Industrial Defense (GRID)
• CERT Certified Computer Security Incident Handler
• ECC CEH (Electronic Commerce Council Certified Ethical Hacker)
• GCIH (GIAC Certified Incident Handler)
• GISF (GIAC Information Security Fundamentals)
• CISSP (Certified Information System Security Professional)

Additional certifications at an equivalent may also be considered.