Cyber Security Defense Analyst

Alexandria, Virginia, United States

Applications have closed

Maveris


Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission. We are Veteran-owned and proud to serve customers across the Federal Government and private sector. We have an opening for a full-time, permanent Cyber Security Defense Analyst - Senior to join our talented, dynamic team in support of a large Federal Government customer.

Veterans are encouraged to apply.


The Cyber Security Defense Analyst will provide real-time monitoring of a Federal enterprise IT environment, including cloud-based environments, to detect and rapidly respond to insiders who pose a threat to the confidentiality, integrity, and availability of all Controlled Unclassified Information (CUI) stored, processed, and disseminated by the organization. This task is primarily focused on monitoring the IT environment for Precursors of Compromise (POCs) and highlighting insider risk and Indicators of Compromise (IOCs) related to insider threat activity. The Cyber Security Defense Analyst will be responsible for tailoring data feeds (such as system logs, signatures, alerts, etc.) and for correlation and incident analysis using a variety of IT monitoring and security event correlation technologies, including SIEM, EDR, XDR, IDS, UEBA, DLP, and SOAR, as well as related capabilities.


Responsibilities:

  • Establish a communication approach that provides effective, consistent, and clear communication to all key technical customers, team members, and other teams.
  • Review and analyze log files from various sources such as SIEM, EDR, packet captures, and host logs to report any unusual or suspect activities.
  • Provide targeted attack detection and analysis, including the development of custom signatures, log queries, and analytics for the identification of targeted attacks.
  • Determine the scope of an intrusion and recommend remediation activities to secure the source or initial point of access of the intrusion.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
  • Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of the cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Provide recommendations and custom solutions to counter adversarial activity.
  • Provide a technical summary of findings in accordance with established reporting procedures.

Requirements

  • Experience and Education
    • At least 5 years of related experience in Cyberspace Operations, Network Security, Computer Forensics, Network Forensics, Cyber Threat Analysis, Cyber Threat Hunting, Penetration Testing, Insider Threat Detection/Mitigation, or Incident Detection and Response.
    • Or a Bachelor’s degree from an accredited institution in Information Technology, Computer Science, Information Systems Management, Cybersecurity or related field and three (3) years of specialized experience.
  • Hands-on experience with at least five of the required disciplines listed below:
    1. Collecting and analyzing information system artifacts to determine root cause and assess impact of security events and incidents.
    2. Performing intake and triage activities to determine urgency and prioritization of workloads.
    3. Capturing event and incident details as defined within the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency’s (CISA) and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61r2.
    4. Providing detection and identification of anomalous, suspicious, or malicious activities that may be indicative of an insider threat.
    5. Refining data feeds and drafting rules, signatures, alerts, etc. within COTS products, including SIEM, EDR, XDR, IDS, DLP, UEBA and SOAR, as well as related capabilities, to improve insider risk and insider threat detection.
    6. Performing research, analysis, and correlation across a wide variety of technical and non-technical data sets to gain situational awareness, characterize events and incidents, assess impact, and distinguish benign activities from malicious activities.
    7. Documenting and escalating incidents that may cause ongoing and immediate impact to the IT environment.
    8. Analyzing information collected over periods of time to make assessments regarding trend anomalies related to user information and information systems.
    9. Coordinating with the appropriate staff members to validate or de-conflict network alerts, anomalous activity, and user-generated reports.
    10. Using Standard Operating Procedures (SOPs) and Playbooks on M&A operations.
    11. Providing notifications and communicating event and incident details to customers.
    12. Working in an Agile environment using Kanban boards to track and report status of projects, work products, and deliverables.
    13. Supporting insider threat risk assessments and determining risk mitigation priorities.


Minimum Education Requirements

Candidates should possess a bachelor’s degree from an accredited institution in Information Technology, Computer Science, Information Systems Management, Cybersecurity, or related field.


Minimum Certification Requirements

Candidates must possess one of the following certifications:

  • CompTIA Cybersecurity Analyst (CySA+)
  • EC-Council Certified Incident Handler (ECIH)
  • EC-Council Certified Network Defender (CND)
  • EC-Council Certified SOC Analyst (CSA)
  • GIAC Certified Detection Analyst (GCDA)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Forensics Examiner (GCFE)
  • GIAC Certified Forensics Analyst (GCFA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Open Source Intelligence (GOSI)
  • GIAC Penetration Tester (GPEN)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Security Expert (GSE)
  • ISC2 Certified Information System Security Professional (CISSP)

Note: All certifications must be current and active at the time the individual is on-boarded to support the contract. Certifications must remain active throughout the period of performance.

Benefits

Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:

  • 401(k) with company match
  • Dental Insurance
  • Health Insurance
  • Vision Insurance
  • Life Insurance
  • Paid Time Off


About Maveris

Maveris offers exceptional, mission-focused solutions to organizations facing highly complex IT, digital, and cybersecurity challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate that applies to Maveris brings something unique to the table, and because our team is diverse, we consistently meet our goals and exceed client expectations. If you are a highly motivated person with a willingness to learn, we invite you to apply today to join our team!

To learn more about employee benefits visit www.maveris.com.
For company updates and the latest job postings check us out on LinkedIn.
If you'd like to read about some of our research and projects head over to Maveris Labs.
Want a more behind the scenes view? Check out our blog Maveris Insights to learn more about the team behind the solutions.

Tags: Agile Analytics CISA CISSP Cloud CompTIA Computer Science Cyber defense CySA+ EDR Forensics GCED GCFA GCIA GCIH GIAC GNFA GPEN GREM IDS Incident response Kanban Log files Malware Monitoring Network security NIST Open Source Pentesting POCs Reverse engineering SIEM SOAR Threat detection Threat intelligence

Perks/benefits: 401(k) matching Career development Competitive pay Health care Team events

Region: North America
Country: United States
Category: Analyst Jobs
