About the Role: This position serves as a Cyber Threat Analyst supporting an organization that provides services to analyze and produce enhanced cyber security and threat intelligence information, including threats and potential threats to the customer’s personnel, information, and information systems; provides timely and relevant intelligence to assist with mitigating cyber threats; supports the evaluation, implementation, and operation of tools and technologies used in advanced analysis; and supports and develops the Cyber Insider Threat Program. The analyst is responsible for delivering written and oral briefings to stakeholders and community partners.
Role Description:
- Support the customer’s overall cyber threat analysis efforts.
- Liaison between Splunk Engineering team and SOC operations teams to configure Splunk Data Lake for optimum SOC functionality.
- Provide configurable executive-level dashboards in Splunk summarizing cyber status or risk level based on criteria published by FISMA and other Government organizations.
- Support production of metrics and trendlines of threat activity and provide in-product security research on existing and emerging threats.
- Support use of machine learning for event correlation and proactive cyber response capability.
- Research, analyze, and write documents such as use case requirements, system change documents, or process documents/workflows.
- Ensure documentation is accurate, complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style.
- Ensure that content, including presentations, bulletins, white papers, memos, policies, briefings, and other products, are developed appropriately for the intended audience.
- Acquire subject knowledge by collaborating with analysts and engineers.
- Assist in coordinating projects from the planning stage, provide additional or missing materials, and edit for content format, flow, and integrity.
- Perform Cyber Threat Assessment and Remediation Analysis in the context of SIEM configuration requirements.
- Process, organize, and analyze incident indicators retrieved from the client environment and correlate those indicators with various intelligence data.
- Assist in coordinating with internal teams and in creating engagement deliverables for a multitude of activities, including but not limited to Insider Threats, Rules of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts that support testing, monitoring, and protecting the enterprise.
- Investigate network and host detection and monitoring systems to inform engagement processes.
- Develop core threat intelligence capability and subject matter expertise.
- Develop and execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions.
Required Qualifications & Education:
- 5 years of Information Technology experience.
- Bachelor of Science in Computer Science, Information Systems, Mathematics, Engineering, related degree or an additional two (2) years of experience.
- Experience in cyber threat intelligence or intelligence analysis.
- Cybersecurity certifications are preferred but not required.
- Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.
- Experience using Splunk to support SOC operations.
- Experience assessing SIEM data for search and visualization capabilities.
- Demonstrated proficiency in the Incident Response Process and SOC operations, and a good understanding of threat hunting.
- Good understanding of system log information and where to collect specific data/attributes as required for Incident Events.
- Operational understanding of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS/IPS, proxy, WAF) and of Windows and Unix/Linux systems’ operations.
- Experience performing log analysis and reporting.
- Experience creating and tracking investigations to resolution.
- Experience with Endpoint security solutions, including but not limited to Windows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools.
- Understanding of compliance or regulatory frameworks (e.g., FISMA, NIST, ISO).
- Solid understanding of application, authentication, and network security principles, and of operating system hardening techniques.
- General knowledge of cyber-attack frameworks (MITRE ATT&CK and the Lockheed Martin Cyber Kill Chain).
- Understanding of Computer Network Defense (CND) policies, procedures, and regulations.
- SIEM monitoring and analysis, analyzing network traffic, log analysis, and prioritizing and differentiating between potential intrusion attempts and false alarms.
- Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies.
- Ability to work independently to address and resolve a security incident with minimal supervision.
Desired Qualifications: N/A
Clearance and Location Requirements: 100% Remote (Greater DC/Baltimore Area Preferred). Must successfully qualify for a Public Trust Clearance.
About NR Labs
At NR Labs, our passion is to solve the hard problems that keep security leaders up at night in a way that caters to their unique technical, financial, political, and business posture. Our company empowers every organization to achieve its cyber potential. NR Labs focuses on cybersecurity for public and private sector clients and is dedicated to solving their most complex cyber challenges. If you are interested in learning more about NR Labs, please visit our website at nrlabs.com.