Senior Threat Analyst (DCO)
Major Job Activities:
• Oversee monitor, detect, analyze, and correlate events for potential threat activity utilizing Security Information Event Management (SIEM) systems, Big Data Analytics, and other supporting platforms or applications.
• Lead exploratory and in-depth analysis of network traffic from security devices, analysis of host-based audit logs, malware analysis, trending of cyber incident reports, correlation of classified and open-source threat reporting, and linkages/integration with other DCO agencies.
• Investigate and identify the cause, source, and methodology of compromises or incidents.
• Initiate computer incident handling procedures to isolate and investigate potential network information system compromises.
• Perform trend analysis on events and incidents to identify and characterize threats.
• Conduct open-source research to identify commercial exploits or vulnerabilities (i.e. Zero – Day) required response actions.
• Organize and conduct Cyber hunt missions that include, but are not limited to, examining information systems, network devices, and endpoints for indicators of compromise.
• Prepares formal comprehensive reports and presentations for both technical and executive audiences.
• Configure and optimize software and hardware detection and prevention capabilities.
• Perform host and network base signature development and standardization for implementation on end-point products or sensor grid.
• Develop, document, and refine Tactics, Techniques, and Procedures (TTP).
Material & Equipment Directly Used:
• Basic Office Equipment.
• Normal office environment.
• May require support during periods of non-traditional working hours including nights or weekend.
• Must be able to lift/push/pull 40 lbs. unassisted.
Education / Certifications:
• Bachelor of Science (BS) Degree.
• IAT Level II Baseline Certification: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP.
• Certified Ethical Hacker (CEH).
• GIAC Certified Intrusion Analyst (GCIA).
• ITIL v4 Foundation certification desired upon hire, required within three months of hiring date.
• U.S. citizenship is required.
• Active TS/SCI (Top Secret/Sensitive Compartmentalized Information).
Experience / Skills:
• 5 years of applicable experience working with various data (network and system) technologies, with a minimum of two of those years focused on information systems security, cyber threats and SIEM event analysis.
• Excellent interpersonal, organization, writing, communicating, and briefing skills.
• Excellent analytical and problem-solving skills.
• ArcSight, AESS, JRSS, IronPort, Security Onion, Gabriel Nimbus BDP.
Supervisory / Budget Responsiblities:
Acts in a technical based supervisory capacity.
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.