Description:
Looking for a Cyber Watch analyst to support a 12-hour Day Shift schedule on the Computer Incident Response Team (CIRT) Watch Floor:
- Collaborate between CIRT elements as necessary during incident detection and response stages
- Respond promptly to all requests for support, whether telephonic, via e-mail, or via instant messenger
- Create releasable finished intelligence products and reports for the IC as well as IC Senior Leadership
- Maintain incident case management database for all reported incidents
- Analyze incidents and events captured in the Case Management Database for trends, patterns, or actionable information
- Review incidents and events captured in the Case Management Database after closure for investigative sufficiency and timeliness
- Leverage existing business processes and document new repeatable business processes and procedures where necessary
- Research external information on events, incidents, outages, threats, and technical vulnerabilities
- Coordinate and disseminate the best course of action for the IC enterprise during cybersecurity events, incidents, outages, threats and technical vulnerabilities with IC-IRC fusion analysis team
- Assess incidents to identify type of attack, collect evidence, and assess impact
Required Qualifications:
- Bachelor’s degree (or equivalent) in Cybersecurity, Information Security, IT, EE, Network Engineering, Computer Science, or related field. An additional 4 years of experience in a cyber security related area may be substituted for a degree. Experience used as college equivalency must be in addition to other experience requirements.
- Minimum 1 year experience in three or more specific areas to include: analysis, network engineering, networking security, penetration testing, red teaming, hardware engineering, software reverse engineering, and computer exploitation.
- Minimum 6 months experience working with a Security Information and Event Management (SIEM) system (e.g., ArcSight, Splunk Enterprise Security)
- Minimum 6 months experience working in a Security or Network Operations Center (SOC or NOC).
- Ability to research and analyze data from a variety of sources and to present findings in clear, concise reports.
- Proficiency in at least one of the following tools/technologies: HP Openview, FireEye, Solarwinds, ArcSight, Web Sense or comparable commercial technology
- Proficiency in Windows and Linux environments (GUI and command line), with the ability to use and manage data from a variety of databases and to navigate comfortably between them
- Working knowledge of software development and some demonstrated proficiency in scripting and/or programming languages and database development
Desired Qualifications:
- Prior Intelligence Community experience.
- Windows or Linux operating system security experience
- Relevant security certification – CISSP, CCFP, CCSP, CEH, GCFA, GCIA
BS Equivalent = Minimum 4 years of experience in Cybersecurity, IS, IA, IT, EE, Network Engineering, Computer Science/Engineering, Computer Forensics, or a related technical field. Experience used as equivalency for a college degree must be in addition to other experience requirements.
(Req # 109.107929)