
Cyber Security Analyst (IDS/ IPS Analyst)

phia, LLC Chantilly ,VA
Expired: over a month ago. Applications are no longer accepted.
Job Description


Are you interested in joining an amazing technical team responding to the latest cybersecurity incidents (e.g. intrusion/breaches, attempts by APTs) across a variety of complex organizations?

phia LLC is seeking a skilled Cyber Security Analyst to support a large Federal Security Operations Center (SOC) and its 24x7 SOC mission. This team focuses on network data & forensics analytics in support of incident response and hunt objectives. This position is located in either Arlington, VA or Fair Lakes, VA.


· Provide oversight and assessment of incident response and triage actions across a large enterprise

· Technical analysis of network activity; the analyst monitors and evaluates network event data, signature-based IDS events and full packet capture (PCAP) data

· Triage IDS alerts; collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, prepare initial summary reports

· Monitor and analyze signature-based IDS alerts and associated packet (PCAP) data

· Analyze security-relevant logs, network flow data for anomalies and to correlate reporting with enterprise-wide network activity

· Document key event details and analytic findings in an incident management system

· Identify & extract network indicators from incident reporting and published technical advisories/bulletins/reporting

· Assess cyber indicators/observables and collaborate in the development of IDS signatures and detection mechanisms

· Recommend new IDS signatures and detection strategies

· Perform incident correlation & escalation; ensure that all alerts are monitored, interpreted, analyzed, and investigated

· Produce detailed, comprehensive, and technically sound incident reports and review incident reports from other analysts

· Communicate and collaborate with analysts from other SOC organizations to investigate cyber events

· Monitor and report on trends and activity on network sensor platforms

· Provide technical assessments of cyber threats and vulnerabilities

· Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise

· Collect incident and investigation metrics and trending data, identify key trends, and provide situational awareness on these trends

· Provide routine status updates for ongoing projects, trouble tickets, incidents, and other related tasks

· Utilize external reporting tools and/or collaborate with the Threat team to exchange and consume threat intelligence

· Maintain awareness of major events and trends in the cyber security landscape

· Research and evaluate emerging detection/analysis capabilities

· Innovate new methods to use existing tools and data sources, and identify and obtain new data sources, to detect intrusions

· Develop, maintain and update standard operating procedures



· Bachelor’s Degree in Cyber Security, Information Technology or a related discipline and 3-5 years of relevant work experience

· Working knowledge of network and/or security operations center (NOC/SOC) environments

· Experience with product security vulnerability management, responsible disclosure, publishing CVEs, and working with the security research community

· Experience providing metrics and reports from a SOAR/SIEM platform

· Excellent written and oral communication skills

· A proactive team player who possesses excellent problem-solving and organizational skills

· Experience with researching and fielding new and innovative technology

· Demonstrated proficient knowledge of industry standards and best practices within Intrusion Detection

· Active Top Secret Security clearance with ability to obtain a DHS background investigation (EOD)


· Bachelor’s Degree in Cyber Security, Information Technology or a related discipline and 5-9 years of relevant work experience

· Possession and demonstrated application of relevant certifications such as MCSE, CCNA, CISSP, ISC2, SANS GIAC, PMP, etc.

· Experience leading and managing within SOC/NOC operations

· Well-rounded customer service experience

· Familiarity with vulnerability audits, red team and/or pentesting assessments

· Familiarity with the NIST/CNSS Risk Management processes, Controls Application/Test, Incident Response, Forensic and related guides

· Familiarity with various cyber frameworks such as ATT&CK and Cyber Kill Chain for incident response

· Familiarity with malware and media forensic analysis

· Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines


WORK SCHEDULE: Core Business Hours (Schedule is flexible but must be between the hours of 6AM-6PM M-F)
phia, LLC ("phia") is a Northern Virginia based, 8(a) certified small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration, which allow Cyber Operations to integrate efficiently with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia offers excellent benefits for full-time W2 employees to enhance work-life balance; these include the following:

· Medical Insurance

· Dental Insurance

· Vision Insurance

· Life Insurance

· Short Term & Long-Term Disability

· 401k Retirement Savings Plan with Company Match

· Paid Holidays

· Paid Time Off (PTO)

· Tuition and Professional Development Assistance

· Flex Spending Accounts (FSA)

· Parking Reimbursement

· Monthly Payroll
