Senior Information Security Analyst (L3)
MGT Consulting Group is a national leader in public sector management consulting and services that delivers diverse business consulting services to a wide range of public sector groups. Celebrating its 45th year in 2019, the firm attracts exceptional talent and empowers them to exceed client expectations as they navigate the dynamic demands of public agency performance.
As part of our Technology Solutions Group (Cira Infotech), you will help lead a team responsible for responding to and triaging information security events and incidents and for performing forensics. In this role, you will collaborate alongside a team of skilled analysts to address complex problems within a 24x7 Security Operations Center (SOC).
If you are looking for a job that challenges you and gives you the opportunity to make an impact, where ideas are encouraged, and an entrepreneurial spirit is essential, then MGT Consulting may be the place for you.
- Part of the Managed Detection and Response (MDR) team, working to effectively prepare for, detect, and respond to incidents.
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
- Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
- Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
- Detect and respond to alerts from endpoint detection and response (EDR) tools.
- Establish vulnerability management program using systematic scanning, risk evaluation, and coordination to remediate or mitigate identified vulnerabilities.
- Provide escalation support and document resolutions for improvement
- Work with the Account Management team as a Security SME to advise clients on applicable security solution technology, practices, managed services, and available solution programs.
- Provide weekly and monthly reports on Security Incident Response team activities
- Coordinate and provide expert technical support to resolve cyber defense incidents. Coordinate with intelligence analysts to correlate threat assessment data
- Monitor external data sources (e.g., cyber defense vendor sites, US-CERT, OpDivs, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
- Investigate anomalies observed within the network and remediate network and system outages.
- Experience working with NDR tools as well as SIEM tools such as LogRhythm, Rapid7 InsightIDR, or Splunk.
- Familiarity with industry standards such as PCI DSS, HIPAA, CIS Critical Controls, NIST, OWASP.
- Experience in creating, documenting, and maintaining policies, procedures, and workflows is strongly preferred
- Lead the SIEM Practice team and ensure the team meets its delivery commitments.
- The role is approximately 75% technical work and 25% lead activities.
- Bachelor’s Degree in Cybersecurity, Technology, Business, or related field
- Eight (8) or more years' experience working in the cybersecurity space
- Experience performing forensics using toolkits such as FTK or Autopsy
- Experience running the Incident Response Team (IRT) and its procedures within the SOC division
- Proven successful experience in a dynamic, high-growth environment or start-up company
- Experience providing L3 support and delivering technical solutions
- Proven lead experience managing project delivery
- Experience as a Security SME to advise clients on applicable security solution technology, practices, managed services, and available solution programs.
- Experience with MDR tools and SIEM tools
- Expert in incident triage and incident handling
- Experience in real-time cyber defense incident handling (e.g., forensic collections)
- Demonstrated experience in networking and network security products, including Managed Detection and Response, next-generation firewalls, IDS/IPS, SIEM solutions, SOAR, cloud security, endpoint security, and vulnerability and penetration testing services
- Demonstrated ability to discuss the financial and business implications of solutions
- Understanding of Cloud based solutions such as AWS, Azure, and/or Google Cloud
- Familiarity with governance and compliance issues and management/reporting solutions and requirements. Working knowledge of HIPAA, PCI, FERPA, CIPA, GDPR, etc.
- CISSP or CNFE certification is required; holding both is ideal.
- Experience working in an MSP/MSSP is a plus
- Experience as a forensics investigator
- Certified Network Forensics Examiner (CNFE) preferred.
- Certifications such as CEH, CHFI, CTIA, SOC Analyst, or any SANS certification are highly preferred.
Please apply or email directly to and send your updated resume for immediate consideration.