Responsibilities: Our client is seeking a Monitoring Incident Response Analyst to support the Diplomatic Security Cyber Mission (DSCM) program, which provides cyber and technology security expertise to enable innovative, effective, and secure business processes. This position works a rotating hybrid schedule in Arlington, VA: Week 1 is 2 days onsite and 3 days remote; Week 2 is 3 days onsite and 2 days remote. The selected candidate must be able to support Monday through Friday, 8am-4pm.
Implement cyber monitoring capabilities within our SIEM and detection tools.
Develop and enhance threat dashboards and advanced analysis capabilities.
Provide tuning of threat detection tools.
Understand and develop cyber monitoring within cloud environments.
Utilize on-premises and cloud-based tools to analyze devices and networks.
Onboard and integrate cyber monitoring tools from the analyst’s perspective.
Coordinate with engineers to assist in building and maintaining platforms.
Coordinate with cyber threat experts to implement the latest signatures.
Maintain Splunk dashboards and reports.
Maintain an understanding of Microsoft Azure, Amazon AWS, and Google Cloud environments.
Maintain an understanding of machine learning and User and Entity Behavior Analytics (UEBA).
Qualifications: Basic Qualifications. To be considered for this position, you must at minimum meet the knowledge, skills, and abilities listed below:
Bachelor's degree and at least 2 years of experience, or a high school diploma and 6-8 years of experience.
US citizenship required, with the ability to obtain an interim Secret clearance before the start date.
Must be able to work a hybrid schedule.
Must possess one of the following certifications by start date: CCNA, CND, CySA+, Security+ CE, Cloud+, GICSP, GSEC, or SSCP.
Ability to think critically and provide perspective when conducting analysis inside a large enterprise.
Knowledge of cloud services, most notably how to properly secure cloud environments against both common and cloud-specific threats.
Ability to resolve highly complex malware and intrusion issues using host analysis, forensics, and reverse engineering.
Ability to recommend sound countermeasures against malware and other malicious code and applications that exploit customer communication systems.
Experience developing policies and procedures for investigating malware incidents across an entire computer network.
Experience with and understanding of security-related artifacts and controls within Windows, Linux, and macOS operating systems.
Incident Response experience utilizing SIEM and EDR tools.
Working knowledge of Splunk Search Processing Language (SPL), Kusto Query Language (KQL), and SQL.