Full Time Employee Contractor
This talented analyst will monitor antivirus, intrusion prevention systems (IPS), network access control (NAC) and security information and event management (SIEM) systems to identify and report adverse system and network activity. Working independently and with little supervision, this "quarterback" will lead systems managers in running the applicable incident response "plays". The qualified candidate will be capable of conducting system and network security incident analysis, including: query and extraction of data from SIEM and log management systems; identifying common network attack techniques, tools, and signatures; correlation of observed system and network behavior with open and/or government sources; follow-up with system owners to validate detected network activity; writing and presentation of incident reports for technical and non-technical audiences.
Other highly desirable capabilities include: specification and recommendation of system, network and IDS sensor countermeasures, workarounds, and/or changes; explanation of security issues to non-technical staff. Develops and applies advanced methods, theories and research techniques in the solution of security environment requirements and problems. Reviews information systems security environments to include all aspects of physical, technical and administrative security issues. Develops client-specific information system risk-management alternatives and implementation plans. Provides information system security training to other employees and performs oversight of all task-specific activities such as document preparation, writing, methodologies, etc. Evaluates government and commercial policies, manuals, regulations and other documents for relevance to information security management issues and ongoing efforts. Performs other duties and assignments that may include project guidance and leadership to other team members.
Bachelor's degree or equivalent work experience
Current shift opening: 6pm-6am with alternating Wed, Thurs / Wed, Thurs, Fri, Sat, Sun
Candidate must be able to obtain Interim Secret clearance
Current CISSP or SANS GCIA is required. Other relevant certifications (such as 8570 IAT Level 2 CNSDSP) may be considered and approved. Selected candidate may be required to obtain appropriate certification within 6 months of start date.
To apply for this job, contact: