Cyber Threat Analyst, Lead

Booz Allen Hamilton Inc. Denver, CO 80208

Posted 8 months ago

Job Description: Job Number: R0053146

Cyber Threat Analyst, Lead

Key Role:

Work as part of a team that develops and implements world-class cybersecurity capabilities for leading commercial businesses across industries, including financial, health, and manufacturing. Develop security content, including signatures, rules, searches, alerts, and reports, to identify suspicious and malicious activity across the client's technology ecosystems, including SIEM, Splunk, Endpoint Detection and Response (EDR), Intrusion Detection and Prevention (IDS/IPS), Data Loss Prevention (DLP), security sensors, and other analytic technologies. Work with security operations teams to update and maintain the security content, incorporating feedback to improve detection logic and alert quality. Research emerging threat actor tactics, techniques, and procedures (TTPs) and incorporate threat intelligence into new security content. Perform proactive threat hunts to identify gaps in current detection methods and develop improved analytic methods that can be employed to enhance threat detection quality.

Basic Qualifications:

  • 3+ years of experience with configuring alerts and developing content in analytic technologies, including Splunk, QRadar, ArcSight, or Hadoop

  • Experience with configuring security sensing technologies, including DLP, EDR (Tanium, FireEye HX, or CrowdStrike), firewalls, IDS, or Web and e-mail proxies

  • Knowledge of security threats and detection techniques

  • Ability to address and solve complex problems and client challenges

  • Ability to self-manage and prioritize work activity

  • Ability to travel to the client site up to 75% of the time

  • BA or BS degree

Additional Qualifications:

  • Experience with scripting languages, including Python

  • Experience with Splunk search

  • Knowledge of Windows and *nix

  • Possession of excellent oral and written communication skills

  • BA or BS degree in CS, IT, or a related field

We're an EOE that empowers our people, no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic, to fearlessly drive change.

Similar Jobs

Cyber Security Analyst

Onyx Point, Inc. Denver, CO

Posted Yesterday

Required Skills/Abilities:

  • TO BE CONSIDERED FOR THIS POSITION YOU MUST HAVE AN ACTIVE TS/SCI W/ FULL SCOPE POLYGRAPH SECURITY CLEARANCE (U.S. CITIZENSHIP REQUIRED)

Responsibilities include, but are not limited to:

  • Provides detection, identification, and reporting of possible cyber-attacks/intrusions, anomalous activities, and misuse activities.

  • Characterizes and performs analysis of network traffic and system data to identify anomalous activity and potential threats to resources.

  • Performs security event and incident correlation using information gathered from a variety of sources within the enterprise.

  • Performs cyber incident triage, including determining scope, urgency, and potential impact; identifies the specific vulnerability and makes recommendations that enable expeditious remediation.

  • Tracks and documents cyber incidents from initial detection through final resolution.

  • Analyzes and assesses damage to the data/infrastructure as a result of cyber incidents.

  • Performs cyber incident trend analysis and reporting.

Position Requirements:

  • Minimum Education: B.S. or equivalent experience in a related field

  • Minimum/General Experience: 2-4 years of related experience

  • Experience working in a Cybersecurity Operations Center environment desired

  • Experience with COTS technologies used in a Cybersecurity Operations Center environment desired

  • CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certification

  • IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification desired

Demonstrated technical experience:

  • Proficient in Windows and Linux operating systems.

  • Working knowledge of current COTS cybersecurity technologies.

  • Working knowledge of database and operating system security.

  • Understanding of the latest security principles, techniques, and protocols.

  • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously, coordinating resources and ensuring scheduled goals are met.

  • Excellent verbal and written communication skills are required.

  • Ability to effectively interact with various levels of senior management is necessary.

  • Ability to make decisions and resolve problems effectively: seek out information and data to evaluate, prioritize, and formulate the best solution or practice.

  • Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.