Cyber Security Defense Analyst

Location: Bethesda, MD

Responsibilities:
- Perform threat and vulnerability assessment and provide subject matter expertise on appropriate threat mitigation.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response.
- Leverage threat intelligence (e.g. FS-ISAC, NCFTA) while actively monitoring critical financial services infrastructure.
- Assess the impact of potentially malicious traffic on company network and infrastructure.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Perform live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and infrastructure components.
- Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and preventing attacks.
- Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related processes.
- Develop and monitor basic IDS/IPS rules to identify and/or prevent malicious activity.
- Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists, and session lists.
- Conduct research on emerging security threats.
- Propose additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Provide other services as a key member of the Cyber Security Operations Team:
  - Security review and administration of changes to networks, servers and endpoint devices, in collaboration with network operations.
  - Security sensor policies for IDS/IPS, firewalls, web security gateway, and logging.
  - Continuous control monitoring, including baseline security configuration monitoring.
  - Investigations and forensics.

Qualifications
EDUCATION
- Bachelor's Degree or equivalent required

MINIMUM EXPERIENCE
- 6+ years of related experience

SPECIALIZED KNOWLEDGE & SKILLS
- Must have experience in a SOC/NOC environment
- Solid understanding of security threats to cloud-based critical infrastructure systems
- Deep experience with cyber security in the domains of cyber threat intelligence and analysis, security monitoring and incident response for a cloud-based services environment
- Familiarity with the latest security vulnerabilities, advisories, incidents and penetration techniques; understanding of attacks and determination of countermeasures
- Detailed knowledge of network and system vulnerabilities, malware, networking protocols, multi-tiered applications and the attack methods used to exploit vulnerabilities
- Experience in a technical security role, including network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing
- Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis
- Working knowledge of network engineering and local and wide area network (LAN/WAN) technologies and topologies
- Must have experience with security and monitoring tools, such as log management (e.g. Splunk), firewall management (e.g. Fortinet), IDS/IPS and SIEM
- Knowledge of and experience with Windows and Linux operating systems, including baseline security configurations, audit, forensics and patch management for these OSs
- Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials
- Able to work in a fast-paced environment with occasional on-call activities
- Excellent interpersonal skills, presentation skills, and verbal and written communication skills
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
- Ability to manage multiple priorities: projects, deliverables, and stakeholders
- Ability to influence peers and management; ability to work cross-functionally and form relationships to achieve objectives
- Active in the security industry, with external networking relationships that maintain relevant knowledge of best practices, tactics, strategies and technologies
- Industry certification desired (e.g. CISSP, CISM)