We are seeking a Cyber Threat Analyst / Threat Intelligence Analyst for one of our leading customers. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. The candidate will provide operational support and expert-level analysis regarding Advanced Persistent Threats (APTs) and Indicators of Compromise (IOCs), gather intelligence, and share this information with formalized partners.
- Monitor various security tools (e.g., Splunk, Palo Alto Networks, SourceFire, Cisco ASA) to identify potential incidents, network intrusions, malware events, etc., in order to protect the confidentiality, integrity, and availability of VA architecture and information systems
- Provide proactive event monitoring/event management/configuration of the following security tools for targeted threats and malicious activity including but not limited to: Splunk, Palo Alto Networks, McAfee EPO, Cisco Ironport, Netscout, Sourcefire Defense Center and Bigfix
- Determine if an event meets the criteria for additional cyber hunt investigation and/or constitutes a security incident subject to investigation and notify team lead or designate within 15 minutes
- Review audit logs and identify any unusual or suspect behavior
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
- Develop and execute custom scripts to identify host-based indicators of compromise
- Provide advanced technical capabilities to senior leadership, including Big Data Analytics, and Predictive Intelligence
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities
- Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams
- Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH)
- Provide all VA cyber task area
- Competency: Specialist/Lead/Supervisor
- Knowledge: Extensive knowledge in specialized functions. A wide and comprehensive understanding of both general and specific aspects of the job and its application.
- Problem Solving: Develops technical solutions to complex problems which require the regular use of ingenuity and creativity.
- Supervision: Work is performed without discernible direction. Exercises considerable latitude in determining objectives and approaches to assignments. May supervise others.
- Education: Bachelor's degree in computer science, electronics engineering, or another engineering or technical discipline
- Experience: 10 years of relevant experience; an additional 8 years of relevant experience may be substituted for education
- PWS Specified Certifications: Must have at least one of the following certifications in addition to Certified Cyber Intelligence Investigator (CCII):
  - CCTA (Certified Counterintelligence Threat Analyst)
  - CCIP (Certified Cyber Intelligence Professional)
  - CCIE (Certified Cyber Investigations Expert)
- Background Investigation: Must be able to pass and maintain a Government Background Investigation. U.S. citizenship is also required by law, regulation, executive order, or government contract for this particular position