Cybersecurity Analyst (Network Detection/Network Hunt)
Arlington, Virginia, United States
phia LLC
At phia, trust us to solve the complex challenges of our connected world through top-tier cyber intelligence & threat hunting. Contact us.
At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
We are seeking a Cybersecurity Analyst who is proficient with network detection and network hunt to support a large Federal security operations, analysis, and threat-hunting organization. This team performs both near-real-time intrusion detection and network defense, as well as retrospective analysis of large data sets using "big data" platforms and custom analytics. This position will be based at our customer site in Arlington, VA. This is a hybrid position that will require individuals to be on-site at our customer location two to three days a week on a rotating schedule.
What You'll Do
- Perform technical analysis of network activity across a large enterprise
- Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity
- Assess cyber threat intelligence reporting/indicators/observables/trends and collaborate in the development of IDS signatures, detection analytics and active countermeasures
- Recommend new network-based detection and mitigation/countermeasure strategies, and advise on the development of new tools/capabilities
- Triage detection and countermeasure alerting; assess the effectiveness of those mechanisms and tune them to improve accuracy and precision
- Develop and apply methods to analyze and visualize network flow data for anomalies and to correlate various types of threat reporting and adversary TTPs with enterprise-wide network activity
- Document key event details and analytic findings in threat intelligence platforms and incident management systems
- Author and publish technical advisories/bulletins/reporting, both on individual events and larger trends
- Produce detailed, comprehensive, and technically sound analysis reports and review analysis reports from other analysts
- Monitor and report on trends and activity on network sensor platforms
- Provide technical assessments of cyber threats & vulnerabilities and use network data to assess the defensive posture/exposure of the organization
- Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends
- Communicate and collaborate with analysts from other cyber analysis teams/organizations (internal and external)
- Provide routine status updates for ongoing projects, trouble tickets, incidents, and other related tasks
- Maintain awareness of major events and trends in the cyber security landscape
- Research and evaluate emerging detection/analysis capabilities
- Innovate new methods to use existing tools and data sources, and identify and obtain new data sources, to detect cyber adversary activity
Education + Experience
- Bachelor’s Degree in Cybersecurity, Information Technology, or a related discipline is desired
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies (TTPs)
- In-depth knowledge of network intrusion detection and analysis principles and methods and related tools/technology
- Direct experience with network traffic monitoring/capture/analysis capabilities, and various IDS, IPS, SIM/SIEM/SOAR technologies, to include IDS signature development and common signature syntax.
- Working knowledge of security operations center (SOC) environments and processes
- Proficiency with datasets that support analysis (e.g., passive DNS, WHOIS/registration data, system/service enumeration data, threat intelligence indicators/observables, malware analysis results, etc.) and the various open-source and commercial vendor portals/services/platforms that provide that data
- Experience performing or leading SOC or security analysis operations/functions
- Relevant experience in cyber defense, focused specifically on network traffic/intrusion analysis
- Proficiency working with various types of network data (e.g., netflow, PCAP, custom application logs), ideally in high volumes
- Basic software development/scripting capability (primarily focused around analyst automation/optimization, dealing with large analysis datasets, etc.)
- Familiarity with vulnerability research/discovery and management, red-teaming/pen-testing assessment, and security audit methodologies and capabilities
- Familiarity with all related aspects of cybersecurity operations/analysis (e.g., incident response & management, forensic media analysis, malware analysis/reverse-engineering, cyber threat intelligence analysis, etc.) and security architecture & engineering
- Industry certifications such as GCIA, GCIH, GCDA, GCED, GDAT, JCAC are a plus.
- This position will require U.S. citizenship and an active Top Secret security clearance. DHS EOD suitability will be required prior to start.
Who You Are
- A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
- Intellectually curious with a genuine desire to learn and advance your career.
- An effective communicator, both verbally and in writing.
- Customer service oriented and mission focused.
- Critical thinker with excellent problem-solving skills
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
IMPORTANT: This position may be subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19, which the Federal Government is not enforcing at this time.
Who We Are
phia LLC ("phia") is a Northern Virginia-based, 8(a)-certified small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
- Comprehensive medical insurance to include dental and vision
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)