Cybersecurity Analyst III

Empower, Innovate, Impact!  At Team A-TEK, we EMPOWER people to drive INNOVATION that IMPACTS mission!

A-TEK operates at the intersection of mission and innovation by applying our deep domain expertise across the federal markets. Embracing our digital-first strategy, A-TEK provides enhanced capabilities in application development, digital transformation, enterprise IT, and scientific services. Our solutions are designed to modernize, automate, secure, protect, and enhance the operations of our federal clients, ensuring they stay ahead in a rapidly evolving digital landscape.

Our work is fueled by a passion to serve our clients’ needs and to protect the safety and welfare of Americans. That passion shapes how we nurture our most valuable asset – Our Employees. A-TEK actively cultivates the talent that drives our success and fosters a creative, challenging, and mission-driven work environment for current and future employees.

As the Cybersecurity Analyst Tier 3, you are responsible for overseeing and managing the daily activities of the Security Operations Center for our federal customer. Your role involves helping to lead a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment. As a Cybersecurity Analyst T3, you play a critical role in safeguarding the organization's assets, data, and reputation from cyber threats. Leadership skills, technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role. The physical worksite for this position is located in Rockville, MD.  This position requires that ability to obtain and retain a public trust level security clearance. An active CISSP, CISM, or CISA is required for consideration for this position.  US Citizenship is required for this role.

Role and Responsibilities

• Team Management: You are managing highly complex cybersecurity issue resolution while training and mentoring Tier 1 and Tier 2 Analysts. This involves hiring, training, and mentoring security analysts, engineers, and other team members. You will help ensure that each team member understands their roles, responsibilities, and goals within the SOC.
• Effectively communicate information to stakeholders of all levels.
• Incident Response: Coordinating the response to security incidents is a crucial aspect of your role. When a security incident occurs, you will help guide the team in analyzing and containing the threat, mitigating the impact, and initiating recovery procedures.
• Security Monitoring and Detection: Overseeing the continuous monitoring of security events and alerts to identify potential security breaches or threats. This includes analyzing logs, network traffic, and security tools to detect anomalous behavior and suspicious activities.
• Threat Intelligence: Keeping abreast of the latest security threats, vulnerabilities, and attack techniques is essential. You will be responsible for integrating threat intelligence into your SOC's processes and ensuring the team is well-informed about emerging risks.
• Incident Analysis and Reporting: The Tier 3 team will investigate and analyze security incidents to understand their root cause and potential impact. You will generate incident reports for both technical and non-technical stakeholders, including management and relevant authorities.
• Security Tooling and Technology: Evaluating and implementing security technologies, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other security tools that enhance the SOC's capabilities.
• Process Improvement: Continuously improving SOC procedures, workflows, and playbooks to streamline incident response and enhance overall security operations.
• Collaboration: Working closely with other teams in the organization, such as IT, network operations, compliance, and legal, to ensure effective communication and coordination during security incidents.
• Compliance and Regulations: Ensuring that the SOC operates in compliance with relevant security standards, regulations, and policies.
• Training and Awareness: Conducting regular security awareness training for employees to enhance the overall security posture of the organization.

Qualifications:

• 5+ years of experience within a cybersecurity environment; including 3+ years of experience in a cybersecurity SOC leadership role is required.
• Bachelor’s degree in computer science, or a related field; or 5+ years of commensurate work experience in lieu of a degree.
• Endpoint and network security experience required.
• Experience in a security operations center, or similar environment, and identifying indications of compromise or attack and responding to incidents.
• Robust certification credentials such as: CISSP, CISM, CISA, required, additional certifications such as Network+, CEH, SANS FOR578: Cyber Threat Intelligence, SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, Splunk Core Certified Advanced Power User, Splunk Administrator, and Splunk SOAR administrator are preferred.
• Knowledge of MITRA attached framework.
• Vulnerability/cyber incident management framework
• Experience in SOC Tier 3, mentoring a team of cybersecurity professionals.
• Experience with digital forensics and process
• Knowledge of Splunk, Crowdstrike, tenable, forescout, Xscalar, BigFix, MS360, Encase, Fireeye, Cortex SOAR XDR, Prisma

Preferred Skills and Experience:

• IDS, IPS, EDR, ATP, Malware defenses and monitoring experience.
• Threat hunting experience preferred.
• Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
• Working knowledge of incident response procedures.
• Experience with SQL query construction preferred.
• Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Strong understanding of Windows event log analysis
• Experience with enterprise information security data management - SIEM experience a plus.
• Programming and scripting skills a plus.
• Excellent troubleshooting and analytical thinking skills
• Strong documentation and communication skills
• Advanced Cyber Security certifications preferred but not required.
• Excellent customer service skills

Compensation: The salary range for this position is $130,000 to $140,000 per year based and is based on experience and certifications levels.

Benefits: Health, dental, and vision insurance; 401(k) with employer match; paid time off; professional development opportunities.

#LI-OnSite

A-TEK, Inc. is an Equal Opportunity/Affirmative Action employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or status as a qualified individual with a disability, or Vietnam era or other protected Veteran status. Verification of education may be requested before or during the hiring process.