Cybersecurity Analyst

STR is hiring a Cybersecurity Analyst to aid the Enterprise Cybersecurity Team by providing day to day cybersecurity operations support, systems maintenance, problem resolution, and project support.

The Cybersecurity Analyst will be responsible for reviewing and analyzing cybersecurity events, providing recommendations, performing remediation, and escalating, as appropriate. The Analyst will correlate threat information from various sources, including security incidents raised by the user community such as phishing attempts, malware outbreaks, unauthorized access attempts, as well as security alerting sources. This role will require researching and assessing new threats and security alerts with recommendations for remedial actions to follow. In addition, the Analyst will proactively scan systems and networks to ensure that vulnerabilities are identified and mitigated, including the configuration of scan sites, scheduling of scans, production of reports, and interpretation and communication of results.

The Cybersecurity Analyst supports the development, implementation, and management of security policies/procedures to ensure they remain aligned with business objectives and meet regulatory requirements. The Cyber Analyst should maintain current knowledge of DoD security and technical guidelines, as well as the organization’s policies.

Additional duties include assessing security and compliance of new and existing infrastructure, gathering evidence in support of audits, and creating and maintaining installation and configuration of Standard Operation Procedures (SOPs). After-hours support could be required for incident handling, maintenance, and patching, as needed.

Requirements

• US Citizen with the ability to obtain a Security Clearance
• BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent
• 5 - 7 years related work experience in information security
• Knowledgeable with NIST 800-171 and NIST 800-53
• Understanding of the Cybersecurity Maturity Model Certification (CMMC)
• DoD 8570 Certs - CISA, CISM, CRISC, CISSP, or similar security certification.

Desired Qualifications

• Experience in maintaining Splunk, analyzing events and providing recommended actions
• Experience in deploying Tenable/Nessus and reviewing output for actionable items
• Experience in Systems/Network Administration
• Experience in threat management and assessment as it relates to physical security
• Experience with corporate security risk assessment, analysis, and mitigating controls.
• Strong technical background with a variety of information security systems and tools including firewalls, intrusion detection systems, intrusion prevention systems, vulnerability management, intrusion detection and prevention, cloud access security broker, anti-virus/malware, data loss prevention.
• Experience designing and implementing controls within corporate networks to include computer and network security and operating systems such as UNIX, Linux, MAC, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection.
• Excellent analytical skills in order to identify security risks and appropriate measures needed to help mitigate those risks. Must be comfortable in conducting independent research of issues and inquiries to provide guidance when requested.
• Experience working with Azure AD, Active Directory including Group Policy
• Experience with Mobile Device Management tools, for instance Microsoft InTune and JAMF
• Experience with endpoint security solutions, including file integrity monitoring, whitelisting, and data loss prevention
• Effective utilization of Security Technical Implementation Guidelines (STIGS) and Security Content Automation Protocol (SCAP) Content and Tools.
• Familiarity with one or more of: Microsoft 365, Microsoft Azure, AWS

Systems & Technology Research (STR) is a rapidly growing technology company with locations north of Boston, MA, Arlington, VA and near Dayton, OH. We specialize in advanced research and development for defense, intelligence, and national security, trying to understand how to protect our society: from stopping malicious botnet attacks, to understanding cyber vulnerabilities, providing next generation sensors, radar, sonar, communications, and electronic warfare to developing artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.

STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, but you go home at night knowing that you pushed the forefront of technology and made the world a little safer. We recognize that the world is changing, that it is becoming more connected than ever before, making things change faster than before, and reshaping society in the process. We all want to understand this changing world and leave it better for our work.

We're not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe!

STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.

If you need a reasonable accommodation for any portion of the employment process, email us at appassist@stresearch.com and provide your name, phone number and email address.

Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws