Cybersecurity Responder Analyst

SIEM, Forensics, malware threats, ArcSight, SPLUNK, SNORT, Wireshark, signatures, analysis, malicious, scripting, SOC, GIAC, Top Secret
Full Time
Work from home not available
Travel not required

Job Description

We are seeking a Cybersecurity Responder/Analyst candidate for a full-time opening in Washington, DC. This position is 7 PM to 7 AM. All applicants must be U.S. citizens with an active Top Secret clearance and the ability to obtain a Q/SCI.

PRIMARY RESPONSIBILITIES:

  • Serve as the Cybersecurity Responder/Analyst responsible for analyzing information collected from a variety of sources to identify, analyze, respond to, contain, and report on events to protect information systems and networks from threats.

  • Perform technical security activities, including:

    • Characterize and analyze security events to identify anomalous and potential threats to systems

    • Analyze identified malicious activity to determine exploitation methods and impacts

    • Triage, contain, and remediate intrusions, malware, and other cybersecurity threats

    • Document, track, and escalate cybersecurity incidents

  • Employ best practices when implementing security requirements within an information system.

  • Participate in Intelligence Community (IC) working groups.

  • May serve as a technical team or task leader.

  • Maintain current knowledge of relevant technology and threats as assigned.

  • Respond to cyber incidents as defined in the Incident Response plan and local SOP.

  • Participate in special projects as required.

  • Participate as a central part of a 24x7 watch center responsible for monitoring for, responding to, tracking, and relaying information from cybersecurity events and associated cyber threat intelligence.

  • Answer SOC Watch phones and monitor SOC Watch email.

  • Define, implement, and respond to cybersecurity alerts for anomalous and malicious activity.

  • Implement new signatures and IOCs.

  • Maintain current knowledge of common adversary tactics, techniques, and procedures.

  • Work in a SIEM, interpret IDS alerts, interpret pcap, Sysmon, and NetFlow data, and derive context from event logs and forensic artifacts.

  • Knowledge of the intelligence community and audit collection policies.

  • Experience reporting IT security events/incidents in the time prescribed by policies and procedures.

  • Coordinate incident and cyber threat intelligence data with other cybersecurity operations and intelligence centers.

The Cybersecurity Responder/Analyst duties also include the following, and ideal applicants will be experienced in at least one of the following areas:
  • Digital Forensics for Incident Response

    • Ability to forensically capture data from various computers, systems, and mobile devices

    • Ability to identify processes and actions that occurred on devices and operating systems

    • Ability to conduct a comprehensive and forensically sound investigation

    • Ability to document and explain technical details in a concise and understandable manner

  • Malware Analysis

    • Conduct both dynamic and static analyses of suspicious code to create signatures that indicate its presence

    • Document malware threats and identify procedures to avoid or eliminate them

    • Analyze programs and software using investigation tools to identify threats

    • Ability to document and explain technical details in a concise and understandable manner

  • Reverse Engineering

    • Perform static and dynamic code analysis of malicious Windows executables

    • Reverse engineer malware, data obfuscators, or ciphers

    • Ability to use various compilers (GNU, Intel, PGI, CAPS)

    • Ability to document and explain technical details in a concise and understandable manner

  • Penetration Testing

    • Possess intermediate to expert proficiency in Python, Perl, PowerShell, or Bash

    • Develop comprehensive reports and presentations for penetration tests or red team engagements

    • Possess knowledge of vulnerabilities and exploits outside of standard tool suites

    • Ability to document and explain technical details in a concise and understandable manner

  • Data Analytics/Machine Learning

    • Ability to develop patterns from data or extract rich information from data analysis

    • Ability to configure systems to learn from data, identify patterns, and make decisions with minimal human intervention

    • Ability to document and explain technical details in a concise and understandable manner

  • Coding in PowerShell, Python, or equivalent

    • Scripting language experience (VBScript, JavaScript, Perl, Python, WMI, and batch)

    • Experience/knowledge of performance engineering in large environments

    • Problem-solving and good analytical skills

    • Ability to document and explain technical details in a concise and understandable manner

GENERAL CHARACTERISTICS:
  • Candidate will be a proactive self-starter.

  • Candidate will require little to no immediate supervision or day-to-day tasking.

  • Candidate will possess excellent decision-making skills.

  • Candidate will demonstrate flexibility and possess the willingness to support shift work if needed.

  • Candidate will possess an excellent ability to collaborate as a team and possess excellent interpersonal skills.

  • Candidate will possess excellent oral and written communication skills and be able to interact with senior levels of management.

  • Experience working in cybersecurity with a Bachelor's degree or equivalent experience in a technical field.

  • Desired candidates have GIAC or other security certification.

  • Experience supporting the Intelligence Community (IC).

  • Experience analyzing host-based security events and indicators.

  • Experience analyzing network-based security events and indicators.

  • Experience working in a SOC and supporting incident response.

  • Experience supporting the Joint Worldwide Intelligence System (JWICS).

  • Knowledge of cloud architecture.

  • Knowledge of virtualization capabilities.

CLEARANCE:

Must possess an active TS clearance (SCI preferred) and the ability to obtain a Q/SCI clearance. To ensure Q clearances are processed in a timely manner (3-6 months), candidates must be natural-born citizens.

Posted By

Eva Clements

305 Harrison Street SE, Suite 100B Leesburg, VA, 20175

Contact
Dice Id: 10507395
Position Id: 5861160
Originally Posted: 7 months ago
