Cyber Defense Analyst

Description

Data Systems Analysts, Inc. is seeking a SECRET CLEARED Cyber Defense Analyst to join a team supporting Security Information and Event Management (SIEM) analytics and incident response. The Cyber Defense Analyst will use data collected from a variety of cyber defense tools (e.g., SIEM, firewalls, network traffic logs.) to analyze events that occur within the environment for the purpose of mitigating threats. Working with a team of cyber, technical, and program subject matter experts to Investigate, analyze, and respond to cyber incidents within the network environment or enclave.

Required Qualifications

• Active Secret or above Security Clearance.
• Current GIAC Certified Incident Handler (GCIH) certification.
• Current Security + Certification and number.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 4+ years as a Cyber Defense Analyst/Incident Responder supporting DoD Programs and/or Services.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Document and escalate incidents (including events’ history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information.
• Identify and analyze anomalies in network traffic using metadata (e.g., PCAP).
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Perform cyber defense trend analysis and reporting.
• Perform initial, forensically sound collection of audit logs and inspect to discern possible mitigation/remediation on enterprise systems.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
• Write and publish after action reviews.
• Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
• Coordinate incident response functions.
• Army IA Training and Certification BBP (Required).
• IAM III with IAT I or II (Required).

Desired Qualifications

• Current CISSP Certification.
• Strong analytical and problem-solving skills.
• Experience with security monitoring tools and incident response procedures.
• Strong communication skills to support briefing Senior Leadership.
• Skilled in the use of Microsoft PowerPoint and Visio to rapidly develop informative briefings.

Key Responsibilities

• Monitor security alerts and logs to identify potential threats and incidents.
• Conduct thorough investigations and forensic analysis of security breaches.
• Develop and implement incident response plans and strategies.
• Collaborate with cross-functional teams to remediate vulnerabilities and enhance security posture.
• Prepare reports on incident findings and recommend improvements to security measures.
• Stay current on cybersecurity trends, threats, and technologies.

#DSA209

#LI- AH1

Many of DSA's positions require the ability to obtain a security clearance. Security clearances may only be granted to U.S. citizens. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information. DSA is proud to be an Equal Opportunity Employer. DSA is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. DSA requires background checks , where permitted , by law. DSA is an E-Verify Employer.