Insider Threat Analyst
Springfield, VA
Applications have closed
XOR Security is currently seeking a Cyber Insider Threat Analyst to support an Agency-level Focused Operations (FO) team at DHS. The FO program is part of a purple team that provides comprehensive Computer Network Defense (CND) and Response support through monitoring and analysis of potential threat activity targeting the enterprise. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. This position will be asked to collect and analyze intelligence (monitoring) regarding cyber threats associated with trusted insiders, as well as to process and coordinate the response to such threats. The Contractor performs their duties under the direction and guidance of a Team Lead. The ideal candidate would be familiar with intrusion detection systems (HIDS/NIDS), intrusion analysis, security information and event management (SIEM) platforms, endpoint threat detection tools (e.g., EDR), and security operations ticket management. Hunt operations, while not staffed 24x7, will be on-call seven days a week, 24 hours a day.
Corporate duties such as solution/proposal development, corporate culture development, mentoring employees, and supporting recruiting efforts will also be required. The program has on-site requirements in Springfield, VA one or more days a week for all staff.
Job Responsibilities:
In support of this task and the activities listed above, the Contractor shall:
- Provide security event monitoring for all the organization’s unclassified systems for Insider Threat.
- Collect, document, correlate and analyze security events and incidents impacting the unclassified systems.
- Analyze network traffic patterns and anomalies expressed within the logs, events, data, and information collected from various sources within the Enterprise and identify and confirm security events, intrusions, attacks, and security breaches.
- Create, maintain, and continually update SOPs, guidelines, reports, and other documents pertaining to the operation, maintenance, and upkeep of the Cyber Insider Threat program.
- Collaborate, communicate, and coordinate with other components, and/or any other group or entity, to support and facilitate the remediation, mitigation, and resolution of security incidents that transpired on target networks.
- Assess and report the risk or threat level of suspected or confirmed incidents.
- Provide documentation detailing any additional information that the Contractor will collect and maintain for each security investigation.
Required Qualifications:
- Must have at least 3 years of experience in a cyber network defense environment with lead position experience preferred.
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering.
- Active Top Secret Clearance and SCI Eligibility.
- Prior experience and ability to analyze information technology security events to discern which events qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
- Strong logical/critical thinking abilities, especially analyzing security events.
- Knowledge of insider threat types, how to detect them, and knowledge of the types of security risks that can exist within the targeted organization.
- Knowledge of incident categories, incident responses, and timelines for responses for insider threat cases.
- A working knowledge of the various operating systems (e.g., Windows, OS X, Linux) commonly deployed in enterprise networks; a conceptual understanding of Windows Active Directory is also required, as is a working knowledge of network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
- Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment.
Desired Qualifications:
- Ability to work on-call during critical incidents or to support coverage requirements (including weekends and holidays when required).
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation, and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements: US citizenship and a Top Secret clearance are required.