Cybersecurity Responder Analyst
We are seeking a Cybersecurity Responder/Analyst candidate for a full-time opening in Washington, DC. All applicants must be U.S. Citizens with an active Top Secret Clearance and the ability to obtain a Q/SCI.
- Serve as the Cybersecurity Responder/Analyst responsible for analyzing information collected from a variety of sources to identify, analyze, respond to, contain, and report on events to protect information systems and networks from threats.
- Perform technical security activities to include:
  - Characterize and analyze security events to identify anomalous and potential threats to systems
  - Analyze identified malicious activity to determine exploitation methods and impacts
  - Triage, contain, and remediate intrusions, malware, and other cybersecurity threats
  - Document, track, and escalate cybersecurity incidents
- Employ best practices when implementing security requirements within an information system.
- Participate in IC Community working groups.
- May serve as a technical team or task leader.
- Maintain current knowledge of relevant technology and threats as assigned.
- Respond to cyber incidents as defined in Incident Response and local SOP.
- Participate in special projects as required.
- Participate as central part of a 24x7 watch center responsible for monitoring for, responding to, tracking, and relaying information from cybersecurity events and associated cyber threat intelligence.
- Answer SOC Watch phones and monitor SOC Watch email.
- Define, implement, and respond to cybersecurity alerts for anomalous and malicious activity
- Implement new signatures and IOCs
- Maintain current knowledge of common adversary tactics, techniques, and procedures.
- Work in a SIEM, interpret IDS alerts, interpret pcap, sysmon, and NetFlow data, and derive context from event logs and forensic artifacts
- Knowledge of the IC and audit collection policies.
- Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
- Coordinate incident and cyber threat intelligence data with other cybersecurity operations and intelligence centers
The Cybersecurity Responder/Analyst duties also include the following, and ideal applicants will be experienced in at least one of the following areas:
- Digital Forensics for Incident Response
- Malware Analysis
- Reverse Engineering
- Penetration testing
- Data Analytics/Machine Learning
- Coding in PowerShell, Python, or equivalent
- Candidate will be a proactive self-starter.
- Candidate will require little to no immediate supervision or day-to-day tasking.
- Candidate will possess excellent decision-making skills.
- Candidate will demonstrate flexibility and possess the willingness to support shift work if needed.
- Candidate will possess an excellent ability to collaborate as part of a team and possess excellent interpersonal skills.
- Candidate will possess excellent oral and written communication skills and be able to interact with senior levels of management.
- Experience working in cybersecurity with a Bachelor's Degree in a technical field.
- Desired candidates hold a GIAC or other security certification.
- Experience supporting the Intelligence Community (IC).
- Experience analyzing host-based security events and indicators.
- Experience analyzing network-based security events and indicators.
- Experience working in a SOC and supporting incident response
- Experience with supporting the Joint Worldwide Intelligence System (JWICS).
- Knowledge of cloud architecture.
- Knowledge of virtualization capabilities.
Must possess an active TS clearance (SCI preferred) and the ability to obtain a Q/SCI clearance. To ensure Q clearances are processed in a timely manner (3-6 months), candidates must be natural-born citizens.