Cyber Security Intrusion Analyst – Intermediate
Monitors the overall security posture of the client’s host-based and network-based assets by detecting, analyzing and responding to security alerts and events.
Detection, response, mitigation, and/or reporting of cyber threats affecting client networks, including one or more of the following:
Computer intrusion analysis
Computer network surveillance/monitoring
Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
System log analysis
Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks
Demonstrated ability to document processes
Ability to work shift as required (night and day shifts).
Intermediate (3 – 5 Years of Experience)
Minimum of six (3) years of network defense/information assurance experience.
Experience with process development and deployment
Prior experience with data correlation tools such as ArcSight, QRadar, LogRhythm, Splunk, etc.
Security Operations Center (SOC) experience.
Must be able to work collaboratively across agencies, other contractor vendors, and physical locations
Strong verbal and written communication skills.
Security Information and Event Management (SIEM) – detection and analysis, policy/signature (custom) development and management
Network Based Intrusion Prevention System (IPS) – detection and analysis, policy/signature (custom) development and management
Host Based Security System (HBSS) – event analysis and signature/policy development and management
Enterprise Firewalls – event/incident analysis and log review
Analytical skill and the ability to analyze customer requirements for security issues
Experience in developing, refining, and performing advanced analysis to uncover new or potential incidents
Experience in performing in-depth analysis and recommending defensive and proactive operations to defend against potential or active malicious activity or inappropriate use by any internal or external entity (e.g. conducting malicious code activity analysis, determining the effects on a system or the network, assisting in gathering potential evidence for law enforcement)
Experience reviewing security architecture and design diagrams detailing ports, protocols, and services
Experience in assessing threat indicators (e.g. malware, malicious anomalies, abnormal network activity, root-level compromise, etc.)
Experience in collaboration with other teams performing similar services identified as a part of the CND framework
Experience in preparing incident reports of analysis, methodology, and results.
Bachelor’s Degree in Computer Science or related technical discipline, or the equivalent combination of education, professional training, or work experience.
Secret clearance at a minimum but may require Top Secret/SCI in the future.
DOD 8570.01-M compliance at IAT Level II (GSEC, Security+ CE, SSCP).
DOD 8570.01-M compliance for CNDSP Analyst (GCIA, C|EH, GCIH), mandatory within four (4) months of assignment to a CND role.