Hybrid Position (Local to MD): Security Analyst with Response & Risk Management

Client is seeking an information security analyst who will be a key member of a consulting team providing advice, support and reporting, to federal agencies, in the Incident Response & Risk Management areas of Information Security. This role will be primarily responsible for conducting incident handling tasks during different phases of Computer Security Incident Response (CSIR) - monitoring, research, analysis of security alerts and events.

Key Responsibilities

• Monitor and analyze security events and alerts from multiple sources, including security information and event management Security Information & Event Management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows, Linux, and Unix), and databases
• Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks
• Initiate tickets, document, and escalate to leadership
• Maintain a strong awareness of the current threat landscape and vectors
• Track and document cyber defense incidents from initial detection through final resolution and Root Cause Analysis.
• Support and employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
• Gather and analyze information for defining requirements, specifications, and issues to support the development of new policies, standards and procedures or update existing ones.
• Work with a team of diverse individuals and cross-functional teams to solve unique and complex problems with broad impact for client services and business.
• Provide clear, daily updates to management on security incidents; Investigate, document, and report on forensic investigations
• Provide daily updates to management concerning assigned or progressive security projects.
• Proficient in reporting and answering analytical questions using vulnerability data

Basic Qualifications

• Excellent teamwork and interpersonal skills
• Experience with intrusion detection/prevention systems and SIEM software
• Ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Ability to handle high pressure situations in a productive and professional manner
• Strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Experience with security frameworks (i.e., Mitre Attack, Cyber Kill Chain, etc.)
• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, or related areas
• Familiarity with but not limited to: Vulnerability Management (VM),  Assessment and Authorization (A&A) process, Risk Management Framework (RMF)
• 2 years of hands-on SOC/TOC/NOC experience
• GCIA, GCIH, GCFE, CISSP, Security , Network , CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
• Understanding of programming/scripting languages and ability to run database queries
• Minimum bachelor’s degree in information security, Computer Science, or 8 years’ related experience
• Ability to work at the client’s site in Rockville, MD with limited telework/remote work options

Strong knowledge of the following

• Security Information & Event Management (SIEM)
• Secure Sockets Layer (SSL) Decryption / Transport Layer Security (TLS) Decryption
• Experience with Foreign Travel Threats and Vectors.
• Malware Detection, Endpoint Detection and Response (EDR)
• Packet Analysis with Network Monitoring Tools & a deep understanding of network protocols and devices.
• Mac OS, Windows, and Unix/Linux systems
• Email Security
• Data Loss Prevention (DLP)
• Anti-Virus: Microsoft Defender for Endpoint (MDE), Microsoft Defender Antivirus (MDAV)