Cyber Threat Analyst III

Overview

Cyber Threat Analyst III (Remote)

• Responsible for performing triage on all security escalations and detections to determine scope, severity, and root cause.
• Monitor cyber security events, detecting incidents, and investigating incidents.
• Identify, recommend strategies, develop, and implement automation use cases leveraging AI/ML capabilities.
• Support deploying, configuring, testing, and maintaining Security Orchestration, Automation, and Response (SOAR) platform, and tools integrated with AI/ML capabilities to enhance threat detection, analysis and response.
• Provide support to contract Program Manager, as necessary.
• Effectively communicates technical information to non-technical audiences.
• Influence others to comply with policies and conform to standards and best practices.

• 7+ years of experience with security operations, threat hunting, and incident response
• Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on Sentinel One, Armis, and Splunk.
• Experience in configuring network devices and analyzing network traffic
• Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
• Experience in researching, developing, and implementing SOAR use cases.
• Familiar with Security Orchestration, Automation, and Response (SOAR) platform
• Familiarity with cybersecurity operation center functions.
• Experience configuring and re-configuring security tools, including Senintel One and Splunk.
• Experience implementing Security frameworks, such as MITRE Telecommunication&CK and NIST, and can interpret use cases into actionable monitoring solutions.
• Must have one or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.

• Develop, test and Implement dynamic Risk-Based Alerting (RBA)
• Identifying and developing RBA and identifying use cases for SOAR and AI/ML.
• Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, Sentinel One and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendation for further tuning of these alerts when necessary.
• Analyze network traffic utilizing available tools and provide recommendations
• Perform vulnerability assessments of recently discovered CVEs against US Government Client systems and network.
• Assist in the process of configuring or re-configuring the security tools.
• Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements

• A minimum of eight (8) to twelve (12) years’ relevant experience.
• A degree from an accredited College/University in the applicable field of services is required. If the individual s degree is not in the applicable field then four additional years of related experience are required.

• Pass a client mandated clearance process to include drug screening, criminal history check and credit check.
• Once candidate's resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
• All candidates must be a US Citizen or permanent status Green Card holder.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)