Cyber Threat Security Analyst

Lanham, Maryland, United States

eTelligent Group

We connect thought leaders together with experts to assist our customers to address challenges and solve problems.

Company Overview:

For the past 15+ years, eTelligent Group has consistently delivered excellent services, demonstrated through our exceptional past performance. As a WOSB and small business, we have distinguished our company as effective problem solvers with innovative, scalable solutions. We integrate CMMI Dev V2.0 Level 3 processes, tools, and techniques with innovative, cost-efficient, and secure solutions to address complex challenges. We also hold ISO 9001:2015, ISO/IEC 27001:2013, and ISO/IEC 20000-1:2018 certifications.

Description:

The Cyber Threat Security Analyst will review the current sources that feed the Security Information and Event Management (SIEM) solutions and collaborate with the Security Operations Center (SOC) to provide, at a minimum, off-hours monitoring. This includes ingesting all relevant security logs with synchronized time stamps so that events from all available sources can be correlated accurately. The Cyber Threat Security Analyst will work in a 24x7x365 operational environment. At a high level, this position is responsible for the operation, maintenance, and monitoring of security events for Federal customers and internal Federal Service Enclaves. The role performs security event management functions – monitoring the Splunk Dashboard, and detecting and triaging security events and alerts in the SIEM and associated monitoring systems. The position is also responsible for establishing technical processes and tools focused on Incident Response and Threat Hunting.

Roles & Responsibilities:

  • Constantly monitor the Splunk Dashboard, escalating and reporting potential user-related incidents; create and update incident cases and tickets; perform risk assessment analysis for Privileged Access Management (PAM) covering elevated, global, and privileged users and users with access to sensitive data sources such as FTI/PII/SBU systems.
  • Monitor the environment for both internal and external threats leveraging monitoring information from the boundary devices, isolation devices, workstation and server devices, and intrusion/prevention devices.
  • Support and enhance abilities to detect and respond to security incidents including internal events, targeted attacks, and all other cyber incidents.
  • Actively hunt the enterprise for insecure, suspicious, or malicious activity.
  • Update and maintain response guides for accuracy.
  • Remediate and document information security incidents not limited to dashboard (Advanced Threat Appliance & SIEM) alerts, tickets, emails, or phone calls.
  • Ensure infrastructure, event feeds, event processing, and asset intelligence are available and operating effectively.
  • Discover, implement, and automate “Indicators of Compromise” to detect intrusions and significantly lower time to response.
  • Implement MITRE ATT&CK or Kill Chain Framework.
  • Facilitate the coordinated response to an intrusion, minimize the impact of the threat, and restore the integrity of customer assets and networks as quickly as possible.
  • Lead significant incidents as needed or assigned.
  • Research and understand initial threat vectors and create protection mechanisms to prevent threat recurrences.
  • Recommend security best practices and system configuration standards.
  • Analyze malware, data leaks, web filters, application controls, DDoS, network indicators, and call-back channels, and design and implement detection mechanisms.
  • Identify new technology to be reviewed by the Incident Response Team.
  • Maintain both internal and customer facing incident documentation, participate in post-mortems, and write incident reports.
  • Support Incident Response Team by managing projects that have high visibility by management.
  • Identify and mitigate real-time attacks by leveraging multi-source, correlated data such as host- and network-based IDS/IPS data, forensic data, and antivirus. This can include signature, flow, anomaly, and full packet capture analysis.
  • Maintain an expert knowledge of modern hacker tools, methodology, and attack trends.
  • Act as POC Incident Commander for all Zero Day Security Incidents.
  • Demonstrate effective communication skills, both verbal and written.
  • Candidates who can work in a 24-hour environment and on the night shift, if needed, are a plus.

Minimum Skills required:

  • 5+ years of relevant work experience in incident response, computer forensics, security risk assessments, application security, and network security.
  • Knowledge/experience with Splunk is required.
  • Strong work ethic, demonstrated self-starter, ability to work in a fast-paced, team-oriented environment with excellent verbal and written communication skills.
  • Excellent understanding of common computing attack vectors and computer systems vulnerabilities.
  • Considered an expert in one (or more) of the following areas: networking, operating systems (MS/Unix/Linux), databases, or programming.
  • Ability to produce reports from Fortinet Firewalls, FortiAnalyzer, Splunk, and IPS systems.
  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as Security+, CEH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM, or CISA.

Preferred Skills:

  • Professional/technical certifications, such as CISSP, GCIH, GCFA, GREM, CEH, OSCP or equivalent certifications in these areas.
  • Development experience in scripting languages such as Python or Perl.
  • Hands-on experience using commercial Security Information and Event Management (SIEM) systems, “next-generation” firewalls, web-content filtering systems, and/or Intrusion Prevention Systems.
  • Experience in writing custom Fortinet IDS/IPS signatures and interpreting Snort output.
  • Experience with large enterprise data centers and/or networks.
  • Advanced Splunk Power User.

Qualifications:

  • Bachelor’s/Master’s degree in Computer Science, Information Technology, or a related field.
  • An active security clearance (MBI preferred) or the ability to obtain one is required for this role.

Minimum Eligibility: US Citizenship/Green Card holder (GC at least 3+ Years)

Location: DMV area (Hybrid)

Commitment to Diversity:
eTelligent Group provides equal employment opportunity to all individuals regardless of their race, color, creed, religion, gender, age, sexual orientation, national origin, disability, veteran status, or any other characteristic protected by state, federal, or local law. Further, the company takes affirmative action to ensure that applicants are employed, and employees are treated during employment without regard to any of these characteristics. Discrimination of any type will not be tolerated.

Perks/benefits: Team events

Regions: Asia/Pacific North America
Country: United States