Cyber Defense Endpoint Analyst

For the OPS Consulting team, ‘the power to help’ means helping our clients, helping serve the mission, helping our employees and their families, and helping the community. Headquartered in Hanover, MD. OPS Consulting has over two decades of experience specializing in the most mission-critical operations. We are thought leaders and innovators. The ingenuity of our developers, engineers, cyber experts, linguists, and analysts are dedicated to empowering our clients, fulfilling The Mission, and remaining trusted leaders and advisers in national security and technology solutions.

We are looking for a Cyber Defense Analyst 2 to join a growing team in Annapolis Junction, MD.

The Cyber Defense Endpoint Analyst (Level 2) performs advanced network monitoring, threat analysis, and intrusion detection in support of enterprise defense operations.

Schedule: 1pm - 9pm Monday through Friday

Responsibilities

• Threat Detection and Response: Utilize EDR tools to monitor for suspicious activity, such as ransomware, and perform automated or manual actions to isolate threats.
• Log Analysis and Monitoring: Review endpoint logs and security event to identify anomalous activity
• Perform advanced manual threat hunting
• Conduct PCAP and packet-level analysis
• Perform network traffic, protocol, and netflow analysis
• Analyze malicious activity and identify exploited weaknesses
• Correlate enterprise security events for situational awareness
• Understand IDS/IPS tuning and Snort filters
• Identify Command and Control (C2) indicators
• Detect host- and network-based intrusions
  
  

Requirements

• Four (4) years of demonstrated experience as a Cyber Defense Analyst in programs and contracts of similar scope, type, and complexity is required. A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of CDA experience.
• Must have strong ability to investigate, triage alerts, and think critically.
• Must have strong Windows background
• 1 year TCP/IP fundamentals
• 1 year experience with network traffic analysis tools (e.g., Wireshark, tcpdump)
• 2 years SIEM experience (e.g., Splunk, ArcSight, Kibana)
• 2 years network and threat analysis experience
• Splunk “Fundamentals I” course completion
• DoD 8570 CSSP Analyst baseline certification
• DoD 8570 IAT Level I or II
• CE certification
• 2 years maintaining or managing cloud environments (Azure, AWS)
• US citizenship and an active TS/SCI with Polygraph security clearance required
  
  

The Swift Group and Subsidiaries are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Pay Range: $49,996.80 - $290,004.00

Pay ranges are a general guideline and not intended as a guaranteed and/or implied final compensation or salary for this job opening. Determination of official compensation or salary relies on several different factors including, but not limited to: level of position, complexity of job responsibilities, geographic location, work experience, education, certifications, Federal Government contract labor categories, and contract wage rates.

At The Swift Group and Subsidiaries, you will receive comprehensive benefits including but not limited to: healthcare, wellness, financial, retirement, education, and time off benefits.