Deep Dive Analyst
We are seeking a Deep Dive Analyst for one of our leading customers. This person can sit in Martinsburg, WV or Hines, IL.
The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. You will be responsible for coordinating resources across the VA enterprise and consolidating log data into a centralized repository (Splunk), where it will be correlated, analyzed and enriched by other threat analysts to identify Indicators of Compromise (IOCs), Advanced Persistent Threat (APT) activity and other unauthorized activities on the VA network.
- Provide proactive event monitoring/event management/configuration of the following security tools for targeted threats and malicious activity including but not limited to: Splunk, Palo Alto Networks, McAfee EPO, Cisco Ironport, Netscout, Sourcefire Defense Center and Bigfix
- Determine if an event meets the criteria for additional cyber hunt investigation and/or constitutes a security incident subject to investigation and notify team lead or designate within 15 minutes
- Review audit logs and identify any unusual or suspect behavior
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
- Develop and execute custom scripts to identify host-based indicators of compromise
- Provide advanced technical capabilities to senior leadership, including Big Data Analytics, and Predictive Intelligence
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities
- Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams
- Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH)
- Competency: Senior Specialist/SME
- Knowledge: Expert knowledge in specialized functions. Exhaustive understanding of both general and specific aspects of the job and its application.
- Problem Solving: Works on unusually complex technical problems and provides solutions which are highly innovative and ingenious.
- Supervision: Work is unsupervised and assignments are often self-initiated. Work checked through consultation and agreement with client rather than by formal review of superior. May supervise others.
- Education: Bachelor's degree (or Associate's degree and 2 years of relevant experience with professional certifications, such as CISSP, GREM, or GCIH).
- Experience: 12 years total relevant experience, including:
- Minimum of 6 years information technology
- Minimum of 4 years advanced Cyber Threat Information experience
- Professional certifications, such as CISSP, GREM, or GCIH
- PWS Specified Certifications: Must have at least one of the following certifications (or obtain within the first 90 days of hire): Certified Ethical Hacker (CEH); Certified Information Systems Auditor (CISA); GIAC Systems and Network Auditor (GSNA); GIAC Certified Incident Handler (GCIH); CERT - Certified Computer Security Incident Handler (CSIH); Splunk Certified Knowledge Manager; Splunk Certified Admin; Splunk Certified Architect
- Background Investigation: Must be able to pass and maintain a Government Background Investigation. U.S. citizenship is also required by law, regulation, executive order, or government contract for this particular position.