Itar Security Monitoring Analyst

POSITION 1: ITAR Security Monitoring Analyst (minimum Tier 2 for full incident analysis and triage)

Location – remote – Must be willing to work MST / CST

Duration – 6 months +

REQUIREMENTS:

US Person that can pass ITAR and DFARS vetting

Ability to conduct and document root cause with timeline analysis

Ability to effectively use Splunk and Splunk ES

3 years of experience as a cyber security analyst

Advanced knowledge of security concepts: A strong understanding of cybersecurity principles, such as encryption, authentication, and access control, as well as knowledge of different types of threats and attack vectors.

Analytical and problem-solving skills: Tier 2 analysts need to be able to analyze complex security issues, identify root causes, and develop effective solutions.

Incident response and handling: Experience with incident response processes and procedures, as well as an understanding of how to handle incidents, coordinate with other teams, and manage communications.

Threat hunting and intelligence: Skills in proactive threat hunting, analyzing threat intelligence feeds, and understanding the threat landscape.

Familiarity with security tools: Proficiency in using various security tools, such as Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Endpoint Detection and Response (EDR) solutions

Nice to haves

Experience with the Linux command line and CLI tools for processing data

Experience with carbon black live response, and live response triage techniques

Experience leading an incident

Experience creating incident response playbooks

Network and system administration skills: A deeper understanding of network protocols, system administration, and operating systems (e.g., Windows, Linux, macOS) is essential for analyzing and resolving security incidents.

Vulnerability assessment and management: Knowledge of how to identify, assess, and prioritize vulnerabilities, as well as experience with vulnerability scanning tools and patch management.

Scripting and automation: Knowledge of scripting languages (e.g., Python, PowerShell, bash)

Some of the qualifications and duties are:

Review alerts and necessary event logs including Carbon Black, Windows Event, Sysmon CLI, Palo Alto FW, Zscaler, Proofpoint, DNS, Live Response logs, and others

Evaluate possible cyberattacks, insider threat, or internal breaches

Determine the validity (True or False positive) and scope of a threat

Extract IOC's from an incident

Review threat intel and identify TTP's from these IOC's, then expand their analysis to include these new TTP's and IOC's/IOA found in threat intel

Suggest remediation tactics such as EDR, Firewall, Email, or other mitigations

• An incident responder can remediate many cyberthreats but may escalate some threats to tier 3 (SecOps Engineering).