Threat Detection Analyst
Morrisville, North Carolina, United States
phia LLC
At phia, trust us to solve the complex challenges of our connected world through top-tier cyber intelligence & threat hunting. Contact us.At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
We are currently seeking a Threat Detection Analyst to join us supporting a federal customer’s Risk Based Alerting (RBA) Team. RBA supports the Cybersecurity Operations Center (CSOC) by writing, maintaining, and tuning detection logic across a suite of technologies and security appliances. This Cyber Operations Specialist coordinates with Security Engineers, Splunk administrators, and system owners to integrate the detections, troubleshoot issues, and measure the program’s effectiveness to identify, correlate, and enrich suspicious events in the enterprise.
This position is currently remote with an expectation to return to the office either full time or hybrid in the future at the discretion of the customer. The ideal candidate is located within commuting distance of Morrisville, NC or Falls Church, VA
What You'll Do
- Write, modify, and manage detection logic using Splunk, Tanium, cloud, and network intrusion detection systems (NIDS)
- Integrate open-source and vendor signatures and rules, such as Sigma, Snort, Splunk Enterprise Security Alerts, Tanium Signals, Yara, etc.
- Formulate strategic mitigation recommendations and/or plans
- Collaborate with CSOC analysts and Pen Test team to test and tune detections
- Assist the CSOC in understanding and responding to alerts generated from RBA detections
- Collaborate with the threat intelligence team to analyze threat reporting, identify gaps in detection capabilities to address threat actor TTPs, and develop new signatures to address them
- Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
Requirements
Education + Experience
- Preferred 7+ years’ experience in a security operations technical role
- Bachelor's in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or similar (desired)
- 3+ years experience with Splunk, MITRE ATT&CK Framework, Endpoint Security Services
- Experience with host level scripting, eg. Powershell.
- Experience in working with one or more Cloud Platforms
- Familiarity with cybersecurity operation center functions
- Linux Administration and monitoring
- Windows Administration and monitoring
- Experience with Security framework and can interpret use cases into actionable monitoring solutions.
- Experience with Security framework and can interpret use cases into actionable monitoring solutions.
Certifications
One of the following or willingness to achieve upon hire:
- CompTIA Security
- GIAC: GSEC, GCIH, or GCIA
Desired Knowledge, Skills and Abilities
- Knowledge of MITRE ATT&CK framework and applying the techniques to signatures and rules
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Fundamental understanding of Windows and Linux operating systems.
- Ability to leverage scripts to automate routine tasks and processes
- Skill in preserving evidence integrity according to standard operating procedures or national standards.
Security Clearance Requirements
- Ability to obtain Public Trust (or higher) government clearance. Active USPS Sensitive clearance preferred.
Who You Are
- A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
- Intellectually curious with a genuine desire to learn and advance your career.
- An effective communicator, both verbally and in writing.
- Customer service-oriented and mission-focused.
- Critical thinker with excellent problem-solving skills.
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
IMPORTANT: This position is subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19. As a condition of employment, the successful candidate will be required to provide proof of full COVID-19 vaccination prior to commencing employment. Prospective or new employees who are unable to be vaccinated due to medical reasons or a sincerely held religious belief may request a reasonable accommodation. This request must be approved prior to the start of employment to the extent a reasonable accommodation is available that does not pose an undue hardship on phia or a direct threat to the candidate or phia’s employees.
Benefits
Who We Are
phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
- Comprehensive medical insurance to include dental and vision
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.
Tags: Application security Clearance Cloud CompTIA Computer Science Cyber defense DoD Endpoint security GCIA GCIH GIAC GSEC Incident response Intrusion detection Linux MITRE ATT&CK Monitoring PowerShell Scripting Security Clearance Snort Splunk SQL Strategy Threat detection Threat intelligence TTPs Vulnerabilities Windows XSS
Perks/benefits: 401(k) matching Career development Health care Insurance Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open CI/CD-related jobs