Responsibilities include the acquisition, vetting, and validation of cyber threat intelligence from various internal and external sources. This individual focuses on the fidelity and contextual analysis of indicators of compromise and attacker TTPs (tactics, techniques and procedures) in support of security operations. The successful candidate will be responsible for creating and executing incident response plans, processes, and procedures and performing root cause evaluations. Needs to be able to define events vs. alerts vs. incidents for the organization, and create incident classification, severity, and priority tables in line with all threats, risks and vulnerabilities. Must be able to identify and document incident trends and compromise patterns. The successful candidate will be located at the customer site in a leadership role representing our client. He or she should be able to mentor and coordinate tasking for team members.
The Analyst would have the following experience:
o Five or more years of technical experience in the information security field
o Three or more years of incident response, analysis and escalation experience
o Familiarity with security regulatory requirements and standards (such as NIST 800 series, ITIL, PCI)
o Advanced knowledge and experience with the multiple operating systems (Windows, *nix, OSX, IOS and other infrastructure device OS)
o Advanced experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, and Network Packet Analyzers, and Malware analysis and forensics tools
o Advanced knowledge of the TCP and IP protocol suite, security architecture, and remote access security techniques and products
The Analyst would be responsible for:
o Support cyber security initiatives through both predictive and reactive analysis.
o Coordination of resources during enterprise incident response efforts, driving incidents to resolution.
o Employing advanced forensic tools and techniques for attack reconstruction and intelligence gathering.
o Perform network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
o Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
o Strong communication skills both written and oral
o Advanced understanding of networking, system of systems architecture
o In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platforms (e.g., Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
o Correlate actionable security events from various sources and develop unique correlation techniques.
o Review threat data from intel feeds and develop custom signatures for detection capabilities.
o Experience with malware analysis concepts and methods.
o Bachelorís degree in management information systems, computer science, or related discipline is required. Additional experience will be considered in lieu of a degree.
Additional Information related to Objectives:
o Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks.
o Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
o Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution.
o Employs advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis.
o Supports internal HR/Legal/Ethics investigations as forensic subject matter expert.
o Performs network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
o Reviews threat data from various sources and develops custom signatures for Open Source IDS or other custom detection capabilities.
o Correlates actionable security events from various sources including Security Information Management System (SIMS) data and develops unique correlation techniques.
o Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
o Develops analytical products fusing enterprise and all-source intelligence. May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols.
o Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.
||Cyber Intel Analyst
Opportunity Employer M/F/D/V