Cyber Security Analyst Tier II

As a member of the Security Operations Center (SOC) team, in support of the Virginia Information Technology Agency (VITA), a Cyber Security Analyst (Tier II) will be responsible for performing investigation and escalation of security alerts triaged by Tier I analysts and others that enter the SOC from network and security systems/applications, the client, and/or from intelligence sources. The position may also require an Analyst to monitor and utilize third party toolsets in the client environment.

RESPONSIBILITIES:

• Provide technical support on event network security logs and trend analysis.
• Detect the full spectrum of known cyberattacks (e.g., DDoS, malware, phishing, others).
• Uncover and pinpoint security violations of compromised systems and devices
• Correlate security events from various capabilities to identify attacks and breaches.
• Analyze and acts on intelligence information to secure customer networks and devices
• Recognize successful and unsuccessful intrusion attempts and compromises.
• Triage security events utilizing relevant details and summary information.
• Prepare incident reports of analysis methodology and results.
• Observe, document and report actions taken by malicious actors in customer networks.
• Accurately and appropriately prioritize and escalate incidents.
• Examine malware analysis reports and other reporting from incidents to correlate similar events.
• Conduct log and system analysis for various system, and network and security devices.
• Document emerging threat intelligence and reported IOCs for security tool integrations.
• Create and update rules or signatures in security tools and applications.
• Escalate identified security incidents to the appropriate teams or POCs.
• Recommend appropriate methods of system remediation and threat mitigation, as needed.
• Maintain a current understanding of the best practices and strategies used in cyber security.
• Motivate self and co-workers to expand knowledgebase and capabilities.

REQUIRED QUALIFICATIONS:

You MUST have:

• Technical Training, Certification(s) or Degree, 1+ years of experience
• Cyber Ark Experience
• CompTIA A+, Net+ or Sec+ certified
• Qualifying Certification to meet DoD IAT Level II and CSSP Analyst (DoD 8570) requirements to be met within 6 months of starting the position: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, and/or PenTest+

PREFERRED QUALIFICATIONS

Even BETTER if you have:

• 5+ years of relevant experience
• Strong analytical, organizational and project management skills
• Understanding of networking fundamentals, the OSI model, and TCP/IP protocols
• Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.)
• Experience reviewing network, host and application audit logs (system, security, etc.)
• Relevant security certifications (Network+, CEH, CCNA, etc.)
• Familiarity of security standards (NIST, FISMA, Fed RAMP, DCID, CNSS and DoD 8500)
• Knowledge of cloud IT solutions and security considerations of cloud solution deployment
• Experience with any SIEM or log aggregation system, Splunk preferred