Cyber Threat Analyst 2

30 Nov 2024

Vacancy expired!

ECS is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order. Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines. The above does not apply to personnel applying to United States Postal Service positions; however, as an ECS employee you will be required to complete the ECS COVID-19 survey to be compliant with Executive Order 14024.

ECS is seeking a Cyber Threat Analyst 2 to work in our Fairfax, VA office.

Job Description: As a leading managed cybersecurity services provider, ECS delivers a highly tailored and customized offering to each customer. Our team is responsible for protecting the ECS corporate and customer networks. Our mission is broad, and our team is agile. We will leverage your unique skills to help solve customers' challenges, such as engineering a system to address a technical hurdle, protecting customer data, or consulting on a wide range of security topics. You are empowered to engage and lead across multiple groups and must have the self-sufficiency and focus to work well without constant oversight. Our Tier 2 Cyber Threat Analysts (CTA) serve as shift leads within the Security Operations Center (SOC). They are responsible for monitoring client environments and providing technical oversight and direction to junior analysts. They support the commercial cybersecurity program in a 24x7 operations environment and may be required to work a rotating shift and provide on-call escalation support during non-business hours.

Responsibilities:
  • Lead a team of junior CTAs responsible for monitoring client environments. Provide coaching and mentorship to junior CTAs on security operations, incident response, and threat hunting.
  • Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls, and host-based security systems.
  • Provide customers with incident response support, including mitigating actions to contain activity and facilitating forensic analysis when necessary.
  • Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
  • Correlate network, cloud, and endpoint activity across environments to identify attacks and unauthorized use.
  • Review alerts and data from sensors. Document formal, technical incident reports.
  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance. Develop and administer SOC processes and review their application to ensure they are operating effectively.
  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
  • Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory, and audit requirements.
  • Manage and coordinate operational components of incident management, including detection, response, and reporting. Lead the investigation of large- and small-scale cyber breaches.
  • Work with security information and event management (SIEM) to correlate events and identify indicators of threat activity.
  • Research emerging threats and vulnerabilities to aid in the identification of incidents.
  • Work with threat intelligence and threat-hunting teams. Maintain awareness of threat intelligence sources.
  • Create reports, dashboards, and metrics for SOC operations and client presentations.
  • Maintain awareness of current cyber threats, attack methodologies, and detection techniques using a wide variety of security products, including COTS and open source.
  • Assist in the evaluation of new analytical techniques and capabilities to determine how they can integrate into a managed security offering.
  • Communicate cyber events to internal and external stakeholders.
  • Revise and develop processes to strengthen the current operational activities; review policies and recommend changes to improve governance.

Required Skills:
  • A.S. or B.S., in cybersecurity, information security, computer science, or a related field.
  • 4+ years of experience in a technical cybersecurity role, including security operations, red team, or incident response.
  • Strong leadership abilities, with the capability to develop and guide junior analysts, and work with minimal supervision.
  • Excellent verbal, written, and interpersonal communication skills, including the ability to communicate effectively with technical and non-technical personnel, project management teams, management, and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices, and strategies.
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • An ability to effectively influence others to modify their opinions, plans, or behaviors.
  • An understanding of organizational mission, values, goals, and consistent application of this knowledge.
  • Good judgment, a sense of urgency, and a demonstrated commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.
  • Ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company and with MSP customers.
  • Experience triaging detections for SIEM, IDS, IPS, endpoint, and other security technologies.
  • Possess Certified Information Systems Security Professional (CISSP), GIAC (GCIH, GCIA, GCTI, GSOC, GCDA), or equivalent certification.

Desired Skills:
  • Experience mentoring and coaching junior security analysts.
  • Experience with multiple SIEM and SOAR technologies.
  • Experience with McAfee, Elastic, or Crowdstrike security stacks.
  • Knowledge of advanced persistent threat (APT) actor tactics, techniques, and procedures (TTPs).
  • Practical experience using MITRE ATT&CK.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans. ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.

  • ID: #23651987
  • State: Virginia Fairfax 22030 Fairfax USA
  • City: Fairfax
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2021-11-30
  • Deadline: 2022-01-28
  • Category: Security