Senior Tier 2 Monitoring Analyst- Secret Clearance

Senior Tier 2 Monitoring Analyst- Secret Clearance

Arlington, Virginia
ID: j-2246

JOB TYPE:
Direct Hire

REMOTE STATUS:
On-Site

COMPENSATION:
$124000 / yr

Staffing Pros, a division of VETS Inc., is recruiting for a full-time Senior Tier 2 Monitoring Analyst onsite in Arlington, VA. An Active Secret clearance is required for this role.

This position is located in Arlington, VA and will be onsite 5 days a week. No hybrid/telework allowed.

This position will support Sunday – Thursday 6:00am to 2:00pm.

Responsibilities:

• Support the Cyber Incident Response Team (CIRT) and will be responsible for running day to day operations and analysis of the team.
• Develop the overall maturity of the team both from a holistic and professional level.
• This person is also the liaison between other CIRT teams and contract/government management.
• Provide Monitoring support in a 24x7x365 environment.
• Provide leadership and mentoring to security analysts.
• Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
• Protect against and prevent potential cyber security threats and vulnerabilities.
• Monitor and analyze network traffic to identify potential security threats and vulnerabilities.
• Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation and investigate events and incidents.
• Provide response, technical assistance and expertise for significant cyber incidents, investigations, and related operational events.
• Develop and implement training programs for monitoring analysts.
• Develop and maintain security policies, procedures, and documentation.
• Conduct detailed research to increase awareness and readiness levels of the security operations center.
• Conduct advanced analysis and recommend remediation steps.
• Analyze network events to determine impact.
• Conduct all-source research to determine threat capability and intent.
• Develop and maintain analytical procedures to meet changing requirements.
• Develop content for cyber defense tools.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Determine tactics, techniques, and procedures for intrusion sets.
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Collaborate with cross-functional teams to ensure compliance with security standards and best practices.
• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support incident response.

Required Qualifications:

• Bachelor's degree and minimum 9 Years experience; 7 Years with Masters; 4 Years with PhD. Four (4) additional years of experience can be substituted in lieu of the degree requirement.
• Must possess ONE of the following certifications or the ability to obtain prior to start date:
• CASP+ CE, CCNP Security, CEH, CFR, CHFI, CISA, CISSP (or Associate), Cloud+, CND, CySA+, GCED, GCIH, GICSP, SSCP.
• Security Operations Center experience, network event analysis and/or threat analysis.
• Tuning and/or configuring SIEM and vulnerability tools experience.
• Cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) experience.
• Expertise in traditional computing technologies architecture, design and security.
• Expertise in planning, implementation and usage of log aggregation and security analysis tools.
• Demonstrated knowledge utilizing native security and logging tools and centralized log aggregation utilizing a variety of methods.
• Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
• Ability to identify remediation steps for cybersecurity events.
• Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
• Proven ability to brief (technical/informational) senior leadership.
• Ability to scope and perform impact analysis on incidents.
• U.S. Citizenship required
• An active Secret security clearance.

Preferred Qualifications:

• Knowledge of network architecture, design and security.
• Ability to analyze static and dynamic malware analysis reports.
• Ability to analyze and identify anomalous code as malicious or benign.
• Skill in detecting host and network-based intrusions via intrusion detection technologies.
• Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
• Skill in conducting trend analysis.
• Knowledge of adversarial tactics, techniques, and procedures.
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of packet-level analysis using appropriate tools.
• Knowledge of intersection of on-prem and cloud-based technologies.
• Knowledge of system design and process methodologies.
• Experience in developing and delivering comprehensive training programs.
• Experience collaborating with cross functional teams.
• Ability to coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

EEO Statement

Equal employment opportunity, including veterans and individuals with disabilities.

PI285139683