Posted Jun 5, 2026

Cyber Threat Analyst (Hybrid)

Overview

• Tier One Technologies is looking for a Cyber Threat Analyst to work with our direct US Government client.
• This hybrid Contract-to-Hire position will be located in Falls Church, VA.
• SELECTED CANDIDATES WITHOUT THE REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.

Responsibilities

• Perform triage on all security escalations and detections to determine scope, severity, and root cause.
• Monitor cyber security events, detect incidents, and investigate incidents.
• Identify, recommend strategies for, develop, and implement automation use cases leveraging AI/ML capabilities.
• Support deploying, configuring, testing, and maintaining the Security Orchestration, Automation, and Response (SOAR) platform and tools integrated with AI/ML capabilities to enhance threat detection, analysis, and response.
• Develop, test, and implement dynamic Risk-Based Alerting (RBA).
• Identify and develop RBA use cases and use cases for SOAR and AI/ML.
• Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne, and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendations for further tuning of these alerts when necessary.
• Analyze network traffic utilizing available tools and provide recommendations.
• Perform vulnerability assessments of recently discovered CVEs against internal systems and networks.
• Assist in configuring or re-configuring the security tools.
• Perform analysis on hosts running on a variety of platforms and operating systems, including but not limited to Microsoft Windows, UNIX, Linux, embedded systems, and mainframes.
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
• Provide support to the contract Program Manager, as necessary.
• Effectively communicate technical information to non-technical audiences.
• Influence others to comply with policies and conform to standards and best practices.

Qualifications

• Bachelor's or Master's Degree in Computer Science, Information Systems, or other related fields.
• 8+ years of experience with security operations, threat hunting, and incident response.
• Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools and in the alert tuning process, with preference for SentinelOne, Armis, and Splunk.
• Experience in configuring network devices and analyzing network traffic.
• Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
• Experience in researching, developing, and implementing SOAR use cases.
• Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms.
• Familiarity with cybersecurity operations center functions.
• Experience configuring and re-configuring security tools, including SentinelOne and Splunk.
• Experience implementing security frameworks such as MITRE ATT&CK and NIST, and the ability to interpret use cases into actionable monitoring solutions.
• CERTIFICATIONS (one or more required): CISSP, CISA, CISM, GIAC, or RHCE.
• Excellent oral and written communication skills.
• Must be able to obtain a Position of Public Trust clearance.
• All candidates must be a US Citizen or have permanent residence status (Green Card).
• Candidate must have lived in the United States for the past 5 years.
• Cannot have more than 6 months of travel outside the United States within the last 5 years. Military service excluded.