- Minimum of 6-10 years of InfoSec experience, preferably in a CIRT/SOC environment.
- Minimum of 6-10 years of Networking, TCP/IP, switching/routing/firewall experience.
- Minimum of 6-10 years of Network analysis, with a focus on security, tcpdump, windump, wireshark.
- 6-10 years Cyber Defense experience.
- 6-10 years Cyber Security experience.
- 6-10 years Forensic Analysis experience.
- 6-10 years Incident Response experience.
- 6-10 years Triage experience.
- Experience with host-based triage, forensics, and malware analysis using Endpoint Detection and Response (EDR) tools
- Experience analyzing network traffic with network monitoring toolset
- Experience analyzing log events and alerts in a SIEM environment
- Experience using a malware sandbox such as Cuckoo
- Experience with cyber incident response
- Experience with software and OS vulnerability, CVE, patch and threat analysis
- Experience with CVEs, patch analysis, threat analysis
- Written and verbal communication at a level appropriate for customer interaction/visibility
- Bachelor's degree in a technical discipline is strongly preferred, but candidates with equivalent experience will be considered
- Helpful industry certifications: CISSP, SANS GIAC (GCIA, GCIH, GCFA, GNFA), CCIE, CCNA, CEH, Security+, Network+, and other security vendor-specific certs.
Level 3 Cybersecurity Analyst (Incident Response/SIEM/Malware Analysis/Network Packet Analysis)

Seeking an experienced Level 3 advanced security analyst to serve as a consultant performing incident response triage and analysis using network security tools in a CIRT/SOC environment. Primary tool capabilities include Endpoint Detection and Response (EDR), Network Full Packet Capture, Malware Sandbox, and SIEM.
- Level 3 advanced member of cyber threat operations team that is responsible for detection and response for advanced threats.
- Recognizes and identifies potential threats to the network and systems connected to the network from the Internet and Intranet.
- Operates, documents, and maintains security controls. Monitors for, and investigates potential security breaches.
- The team also reviews internal and external network traffic to create policies that intercept malware and other network attacks using network packet capture and other network IDS capabilities.
- Additionally, the team is responsible for the infrastructure support, configuration, and use of the Endpoint Detection and Response (EDR) environment to detect and respond to advanced threats.
- Third-level support to review, triage, analyze, and respond to alerts received in SIEM and other cyber security detection tools.
- Support infrastructure of the Endpoint Detection and Response environment.
- Create host-based Indicators of Compromise (IoCs).
- Proactively review network data packets for potential attacks.
- Malware analysis as appropriate.
- Support forensic investigations as appropriate.
- Consult on building correlation rules & alerts for the SIEM and other detection tools to identify anomalous, suspicious, or malicious activity.
This 6+ month position starts ASAP.
Please E-MAIL your resume (attachment to email) with rate and availability to Cheryl: firstname.lastname@example.org
ALPHA'S REQUIREMENT #19-00940
MUST BE ELIGIBLE TO WORK IN THE U.S. AS AN HOURLY W2 EMPLOYEE