Cybersecurity Analyst (Network Detection / Network Hunt)
Arlington, Virginia, United States
OVERVIEW: Are you interested in joining a technical team focused on hunting for cyber adversaries across a variety of complex enterprise networks? Are you ready to move beyond traditional Security Operations Center (SOC) methodologies and develop new techniques for understanding APT adversary network activity patterns and methods to identify adversary presence?
phia LLC is seeking a skilled Cybersecurity Analyst to support a large Federal security operations, analysis and threat-hunting organization. This team performs both near-realtime intrusion detection and network defense, as well as retrospective analysis in large data sets using “big data” platforms and custom analytics. The team supports 24x7 operations, though positions include flexible/core hour work as well as various shift positions. This position is located in Northern Virginia with frequent/full remote options during the pandemic.
- Communicate and collaborate with analysts from other cyber analysis teams/organizations (internal and external).
- Research and evaluate emerging detection/analysis capabilities.
- Author and publish technical advisories/bulletins/reporting, both on individual events and larger trends.
- Produce detailed, comprehensive, and technically sound analysis reports and review analysis reports from other analysts.
- Perform technical analysis of network activity across a large enterprise.
- Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity.
- Assess cyber threat intelligence reporting/indicators/observables/trends and collaborate in the development of IDS signatures, detection analytics and active countermeasures.
- Recommend new network-based detection and mitigation/countermeasure strategies, and advise on the development of new tools/capabilities.
- Triage detection and countermeasure alerting; assess the effectiveness of those mechanisms and tune to enhance/improve accuracy and precision.
- Develop and apply methods to analyze and visualize network flow data for anomalies and to correlate various types of threat reporting and adversary TTPs with enterprise-wide network activity.
- Document key event details and analytic findings in threat intelligence platforms and incident management systems.
- Monitor and report on trends and activity on network sensor platforms.
- Provide technical assessments of cyber threats & vulnerabilities and use network data to assess the defensive posture/exposure of the organization.
- Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends.
- Provide routine status updates for ongoing projects, trouble tickets, incidents, and other related tasks.
- Maintain awareness of major events and trends in the cyber security landscape.
- Innovate new methods to use existing tools and data sources, and identify and obtain new data sources, to detect cyber adversary activity.
- Develop, maintain and update standard operating procedures.
- Active Top Secret Security clearance.
- Bachelor’s Degree in Cybersecurity, Information Technology or a related discipline.
- Relevant training professional certifications, including (but not limited to) GCIA, GCIH, GCDA, GCED, GDAT.
- 3+ years of relevant work experience in cyber defense, focused specifically on network traffic/intrusion analysis.
- A team player that is proactive, creative, independent, and possesses strong problem solving skills.
- Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines.
- Basic software development/scripting capability (primarily focused around analyst automation/optimization, dealing with large analysis datasets, etc.).
- Direct experience with network traffic monitoring/capture/analysis capabilities, and various IDS, IPS, SIM/SIEM/SOAR technologies, to include IDS signature development and common signature syntax.
- Excellent written and oral communication skills.
- Working knowledge of security operations center (SOC) environments and processes.
- Experience performing and leading SOC or security analysis operations/functions.
- Familiarity with all related aspects of cybersecurity operations/analysis (e.g. incident response & management, forensic media analysis, malware analysis/reverse-engineering, cyber threat intelligence analysis, etc.) and security architecture & engineering.
- Familiarity with vulnerability research/discovery and management, red-teaming/pen-testing assessment, and security audit methodologies and capabilities.
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies (TTPs).
- In-depth knowledge of network intrusion detection and analysis principles and methods and related tools/technology.
- Proficiency with datasets that support analysis (e.g. passive DNS, WHOIS/registration data, system/service enumeration data, threat intelligence indicators/observables, malware analysis results, etc) and various open-source and commercial vendor portals/services/platforms that provide that data.
- Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs), ideally in high volumes.
- Well-rounded customer service experience.
WORK SCHEDULE: Core Business Hours (Schedule is flexible but must be between the hours of 6AM-6PM M-F); some fixed shift positions (24x7) also available.
TELEWORK ELIGIBILITY: Frequent/full remote options during the pandemic.
SECURITY REQUIREMENTS: Active Top Secret Clearance
phia, LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer’s missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits for full time candidates to enhance the work-life balance, these include the following:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Parking Reimbursement
- Monthly Payroll