Senior IT/Cyber Security Analyst
Location: Bethesda, MD
Start: ASAP
CISSP certification: MUST
FOCUS: Hands-on incident response analysis, monitoring, and management experience. The client uses a security threat detection tool that scans firewalls, IPS devices, etc. The resource needs to be able to interpret the security alerts presented within the tool, analyze each alert to determine the suspected threat, acknowledge the threat within the utility, and provide recommendations to the necessary parties on how to handle the threat. Ability to evaluate web scanners and other utilities: identify the key requirements for web scanner utilities as needed by the agency and present options based on expert recommendations, including the key features, comparisons between the toolsets, and pros/cons of each, tailored to the needs and size of the agency. Ability to put together a high-level Incident Response Flow and, when more information is made available, present a tailored Incident Response Flow. Strong understanding of NIST SP 800-53.
- Lead or assist with the security monitoring of agency information system components, using agency security monitoring tools, to detect cyber-attacks and indicators of system compromise.
- Provide senior-level expertise in the analysis of network traffic, cyber-attacks, phishing/hacking attempts, and data exfiltration.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the method of an observed attack.
- Lead or assist with the evaluation, installation, configuration, maintenance, and monitoring of security systems—such as SIEM, IPS/IDS, threat detection, and vulnerability scanners; develop standard operating procedures (SOP) and training on the use of security systems and tools.
- Respond to security-related Helpdesk trouble tickets related to cyber security incidents, including, but not limited to, malware attacks, ransomware, phishing and hacking attempts, unauthorized access, data exfiltration, PII or sensitive data breaches, denial-of-service events, advanced persistent threats, and network intrusions.
- Develop and/or maintain security-related PowerShell scripts.
- Use forensic analysis tools to identify malware infections.
- Analyze essential network data (e.g., router configuration files, routing protocols).
- Recognize and interpret malicious network activity in traffic.
- Identify and extract data of forensic interest from diverse media (i.e., media forensics).
- Cyber incident handling—including (but not limited to) responding to phishing, malware, ransomware, unauthorized access, unauthorized disclosure, and data exfiltration incidents.
- Install system and component upgrades (e.g., servers, appliances, network devices).
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how traffic flows across a network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP]).
Tools Utilized include:
- Splunk (and SolarWinds) for event log management and analysis
- FireEye, Symantec, McAfee, Comodo, Nessus, Snort for data loss prevention (DLP), intrusion prevention system (IPS), packet analysis, application whitelisting, and security sandboxing
- Splunk, Snort, Wireshark, tcpdump, and Nessus for analyzing network traffic
- SIEM tools such as Splunk and IPS/IDS tools such as CheckPoint or FireEye
- Scripting using PowerShell or Python
- EnCase and Mandiant for forensic analysis
- Burp Suite, Nikto, AppScan, HP WebInspect for web scanning
- Kali Linux for penetration testing