*completed 4 year degree (no exceptions)
*background check required

As a Principal Cyber Security Analyst, you will use your skills, experience and talents as a part of a groundbreaking, forward thinking, visionary cyber security operation. This position processes vulnerability and threat data from a variety of sources to provide actionable intelligence to internal stakeholders. Lead Incident Response for security incidents of many kinds, including advanced, targeted, attacks. Frequently collaborate with internal and external partners. Acts as a team leader throughout the process if initial triage, investigation and escalation decision tree.  Investigates alerts and alarms to provide escalation details for partner teams.  Acts as the point of contact for investigation and remediation. This role will report to the Director of Engineering.

DAY IN THE LIFE

• Monitors events for impact of risk and ensures prompt response to protect people, assets, integrity of IT systems.
• Participates in detection, response, and remediation of information security incidents.
• Hunt, identify, analyze, and develop containment and remediation plans for security incidents to reduce impact.
• Continually monitor security tools for anomalous and malicious behavior of systems on the network (On-Prem and AWS Cloud) and escalate as necessary.
• Establish a working relationship with internal and external partners such as Managed Security Services (MSSP), including alert tuning and response to alerts raised by our MSSP
• Assist with maintenance and health of security related tools used.
• Monitor and analyze security logs e.g., firewall, IPS/IDS, Database, and correlate the logs using numerous database query techniques and tools.
• Demonstrate experience working with network, host, and user activity data, assessing norms, and identifying anomalies.
• Create content, modify existing content, to ensure continuous quality monitoring within the Security Incident and Event Management platform (SIEM).
• Perform analysis on logs, traffic flows, and other activities to identify malicious activity
• Develop rules that trigger response to malicious activity
• Execute scanning and assessment services including network discovery, penetration testing, and vulnerability scanning
• Conduct proactive monitoring, logging and alerting to analyze, correlate, and respond to cyber attacks
• Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation
• Execute vulnerability management scans (On-Prem and AWS) and follow through to remediate identified security concerns.
• Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response
• Identify emerging threat actors and track existing actors as their tactics, techniques and procedures evolve
• Carry out an internal red team exercise in order to improve security controls
• Thoroughly investigate incidents and analyze the impact, exposure, and scope of the problem
• Help formalize, document, and execute the incident management process
• Research, utilize and leverage the available SIEM tools for logging, monitoring, reporting and assessing defined alerts.
• Technical knowledge of TCP/IP, network security, application security, database security, and endpoint security
• Provide comprehensive security metrics to leadership on a quarterly basis or upon demand
• Take part in SOC 2 activities such as audits, controls review, evidence gathering, and other related tasks
• Support VA and other government-related security controls and requirements as it relates to MCMS provided solutions
   

QUALIFICATIONS

Must Have: Minimum Requirements 

• Bachelor’s Degree in Computer Science, Cyber Security, or related technical field
• Minimum of 7 years of relevant IT and security experience or 5 years with an Advanced degree
• US Citizenship required as this role will be engaged with US government entities and will require security clearance

Nice to Have: 

• Experience working in a SOC
• Additional experience with SIEM products such as Alien Vault, Splunk, SolarWinds, ArcSight
• Strong knowledge of host and network forensic tools and techniques
• Strong knowledge of information security and networking
• Experience with malware analysis and understanding of attack techniques
• Experience interpreting, searching, and manipulating data within enterprise logging/SIEM solutions.
• Experience working with AWS cloud configuration and security
• Experience working with government entities such as the DoD or VA
• Communication/liaison skills between internal and external parties
• Experience working with a managed security service provider (MSSP)
• At least one of the following certifications or equivalent experience: GCFA, GCIH, GCIA, GPEN, CISSP, CISM, CCNA and/or CISA certification
• Familiarity with security analysis of security system logs and network protocols
• Strong problem solving and troubleshooting skills including the ability to perform analysis investigation
• Strong written and verbal communication, as well as organizational and documentation skills
• Excellent communication skills including the ability to present complex presentations to large audiences.
• Proven experience in working with virtual teams and geographically dispersed stakeholders
• Proven people management skills working with internal staff, contractors, and external service suppliers
• Solid knowledge of risk and security frameworks like NIST, ISO, and RMF
• BS/MS in Cyber Security, Computer Science, Mathematics, Engineering, Information Services or equivalent