Hours Full-time, Part-time
Location Arlington, Virginia

About this job

Job Description

OVERVIEW

phia LLC is seeking a skilled Cybersecurity Analyst to support a large Federal Security Operations Center (SOC) and its 24x7 SOC mission. This team focuses on Network Data & Forensics Analytics.

DUTIES

  • Technical analysis of network activity; the analyst monitors and evaluates network event data, signature-based IDS events and full packet capture (PCAP) data.
  • Triage IDS alerts; collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, prepare initial summary reports.
  • Monitor and analyze signature-based IDS alerts and associated packet (PCAP) data.
  • Analyze network flow data for anomalies and to correlate reporting with enterprise-wide network activity.
  • Document key event details and analytic findings in an incident management system.
  • Provide oversight and assessment of incident response and triage actions across a large enterprise.
  • Identify & extract network indicators from incident reporting and published technical advisories/bulletins.
  • Perform incident correlation & escalation.
  • Recommend new IDS signatures and detection strategies.
  • Produce final reports and review incident reports from other analysts.
  • Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.
  • Assess cyber indicators/observables and collaborate in the development of IDS signatures and detection mechanisms.
  • Monitor and report on trends and activity on network sensor platforms.
  • Provide technical assessments of cyber threats and vulnerabilities.
  • Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise.
  • Develop, maintain and update standard operating procedures.
  • Provide routine status updates for ongoing projects, trouble tickets, incidents, and other related tasks.
  • Maintain awareness of major events and trends in the cyber security landscape.
  • Research and evaluate emerging capabilities.
  • Ensure that all alerts are monitored, interpreted, analyzed, and investigated.
  • Utilize external reporting tools for threat intelligence.
  • Monitor all security-relevant logs and alerts for signs of compromise, attack, or system misuse and policy violations.
  • Innovate new methods to use existing tools and data sources, and identify and obtain new data sources, to detect cyber intrusions.
  • Write detailed incident reports.
  • Collect incident and investigation metrics and trending data, identify key trends, and provide situational awareness on these trends.
  • Monitor all-source threat reporting.

Requirements

KEY REQUIREMENTS

  • Bachelor's Degree in Cyber Security, Information Technology or a related discipline.
  • 4 or more years of relevant work experience.
  • Working knowledge of network and/or security operation center (NOC/SOC).
  • Vulnerability analysis, audits, and management skills.
  • Experience with product security vulnerability management, responsible disclosure, publishing CVEs, and experience working with security research community.
  • Experience providing metrics and reports from a SIEM.
  • Excellent written and oral communication skills.
  • Must be a team player, proactive, and possess excellent problem solving and organizational skills.
  • Experience managing IT systems.
  • Experience with researching and fielding new and innovative technology.
  • Demonstrated proficient knowledge of industry standards and best practices within Intrusion Detection.
  • Active Top Secret Security clearance with ability to obtain a DHS background investigation (EOD).

DESIRED QUALIFICATIONS

  • Possession and demonstrated application of relevant certifications such as MCSE, CCNA, CISSP, ISC, SANS GIAC, PMP, etc.
  • Experience with using vulnerability assessment tools such as Tenable Security Center, Nessus, McAfee (Foundstone) Enterprise, App Detective, dbProtect, Cenzic, or other web application/database vulnerability assessment tools.
  • Experience with vulnerability audits and assessments.
  • Experience with red team and/or pentesting assessments.
  • Understanding of NIST/CNSS Risk Management processes, Controls Application/Test, Incident Response, Forensic and related guides.
  • DODD 8570 Level II certification (SANS certifications, CISSP).
  • Experience leading and managing within SOC/NOC operations.
  • Familiarity with Kill Chain for incident response.
  • Familiarity with malware analysis.
  • Familiarity with forensics.
  • Familiarity with incident response products and best practices.
  • Experience with database (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint).
  • Customer service experience.
  • Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines.

WORK SCHEDULE: Core Business Hours (Schedule is flexible but must be between the hours of 6AM-6PM M-F)

TRAVEL: N/A

TELEWORK ELIGIBILITY: N/A

SECURITY REQUIREMENT: Active Top Secret/SSBI; eligible for SCI and DHS EOD

Benefits

COMPANY OVERVIEW:

phia LLC ("phia") is a Northern Virginia based, 8(a) certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration that allow Cyber Operations to integrate efficiently with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia offers excellent benefits for full-time W2 candidates to enhance work-life balance. These include the following:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
  • Parking Reimbursement
  • Monthly Payroll