Cyber Security Defense Analyst
Location: Bethesda, MD
- Perform threat and vulnerability assessment and provide subject matter expertise on appropriate threat mitigation.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response.
- Leverage threat intelligence (e.g. FS-ISAC, NCFTA) while actively monitoring critical financial services infrastructure.
- Assess the impact of potentially malicious traffic on company network and infrastructure.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Perform live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and infrastructure components.
- Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and preventing attacks.
- Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.
- Develop/Monitor basic IDS/IPS rules to identify and/or prevent malicious activity.
- Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists, and session lists.
- Conduct research of emerging security threats.
- Propose additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Provide other services as a key member of the Cyber Security Operations Team:
  - Security review and administration of changes to networks, servers and endpoint devices, in collaboration with network operations.
  - Security sensor policies for IDS/IPS, firewalls, web security gateway and logging.
  - Continuous control monitoring, including baseline security configuration monitoring.
  - Investigations and forensics.
Qualifications - External
- Bachelor's Degree or equivalent required
- 6+ years of related experience
SPECIALIZED KNOWLEDGE & SKILLS
- Must have experience in SOC/NOC environment
- Solid understanding of security threats to cloud-based critical infrastructure systems.
- Deep experience with cyber security in the domains of cyber threat intelligence and analysis, security monitoring and incident response for a cloud-based services environment.
- Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, understanding of attacks, and determination of countermeasures.
- Detailed knowledge of network and system vulnerabilities, malware, networking protocols, multi-tiered applications and the attack methods used to exploit vulnerabilities.
- Experience in a technical security role, including network security, operating system security, Internet or Web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing
- Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis
- Candidate must have a working knowledge of network engineering and local and wide area (LAN/WAN) technologies and topologies.
- Must have experience with security and monitoring tools (e.g. log management such as Splunk, firewall management such as Fortinet, IDS/IPS, SIEM).
- Knowledge and experience in Windows and Linux operating systems, including baseline security configurations, audit, forensics and patch management for these OSs.
- Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials
- Able to work in a fast-paced environment with occasional on-call activities.
- Excellent interpersonal skills, presentation skills, and verbal / written communication skills
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
- Ability to manage multiple priorities – projects, deliverables, and stakeholders
- Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
- Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.
- Industry certification desired (e.g. CISSP, CISM).