Senior Cyber Security Analyst

ManTech

Full Time   Employee   Contractor

United States

As a Senior Cyber Security Analyst (Detection/Response), the tasks will include analyzing all relevant cyber security event data and other data sources to detect and respond to cyber security incidents; produce reports, assist in coordination during incidents; and mentor Cyber Security Analysts on advanced detection and analysis methods.

Responsibilities Include:
• Analysis of network activity logs using Wireshark, Splunk, netflow, etc. to identify root cause, malicious activity, and evidence of post-exploitation
• Analysis of Windows log files for the purpose of finding artifacts related to malicious activity
• Ability to problem solve, ask questions, and discover why things are happening
• Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs
• Develop and produce reports on all activities and incidents to help maintain day-to-day status, develop and report on trends, and provide focus and situational awareness on all issues
• Mentor and train cyber security analysts on advanced detection and analysis methods
• Responsible for tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management
• Notify the Customer of significant changes in the security threat against the Customer networks in a timely manner and in writing via established reporting methods
• Provide support for the A/V hotline and appropriately document each call in an existing tracking database for this purpose
• Produce daily/weekly/monthly/quarterly reporting as required by management
• Coordinate with appropriate organizations regarding possible security incidents
• Conduct intra-office research to evaluate events as necessary; maintain the current list of coordination points of contact
• Produce reports identifying significant or suspicious security events to appropriate parties
• Review assembled data with firewall administrators, engineering, system administrators and other appropriate groups to determine the risk of a given event
• Recommend and/or execute procedures for handling each security event detected
• Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary
• Be able to create and add user-defined signatures, or custom signatures, to compensate for the lack of monitoring in threat areas as warranted by threat changes or as directed by the customer
• Develop appropriate ArcSight Dashboards, Data Monitors, Query Viewers, Trends, and Reports as needed to investigate detection trends and activities
• Develop and implement a methodology using ArcSight Use Case UML processes that identify procedures for correlating security events
• Analysts should all be able to create custom content and develop new use cases to better correlate security event information
• Utilize "Case Management" processes for incident and resolution tracking
• Identify misuse, malware, or unauthorized activity on monitored networks
• Maintain proficiency and skills through relevant training, conventions, conferences, and on-the-job training
• Provide analytical support as needed for the overall projects and systems by working with engineers, O&M, and other personnel to ensure effective operations of all capabilities, piloting of new systems, and periodic updates to systems

Required Qualifications:
• Bachelor's Degree in cyber security, computer engineering, computer science, or other closely related IT discipline
• Strong analytical and problem-solving skills
• Minimum of five years of progressively responsible experience in cyber security analysis, incident response, or related experience
• Experience in Incident Handling and/or Digital Forensics, familiarity with advanced cyber threats, experience authoring and reading Snort and/or Yara rules, and advanced knowledge of TCP/IP, the OSI model, and pcap analysis
• DoD 8570 IAT Level III compliant
  o GCIA, GCIH, and/or HP ASE ArcSight ESM Advanced Analyst certifications preferred
• Good interpersonal, organizational, writing, communications and briefing skills
• Clearance Required: TS/SCI with Poly


To apply for this job, contact:
Human Resources