Threat Response Analyst
The Threat Response Analyst (TRA) will be responsible for acknowledging and researching ALL Security Incident Event Management (SIEM) alarms during their shift. In this role you will perform historical correlation analysis on incidents and events generated inside of the SIEM environments. The Threat Response Analyst will also be responsible for following case development and escalation workflows when activity needs to be escalated to the client and provide tuning recommendations to the Client Service Manager
REPORTING RELATIONSHIPS:
Threat Response Analyst reports to the Senior Operations Analysts
Works closely with all teams on the SM&A directorate to support program strategy and reporting actions
DUTIES & ESSENTIAL JOB FUNCTIONS:
- The Threat Response Analyst will be responsible for acknowledging and researching ALL Security Incident Event Management (SIEM) alarms during their shift.
The Threat Response Analyst will be responsible for following case development and escalation workflows when an alarm needs to be escalated to the client.
The Threat Response Analyst will be responsible for performing historical correlation analysis on incidents and events generated inside of the SIEM environments. They will also be responsible for following case development and escalation workflows when of note activity needs to be escalated to the client.
The Threat Response Analyst will be responsible for providing rule and alarm tuning recommendations to the SIEM engineering team while also notifying the Client Service Manager.
OTHER FUNCTIONS AND RESPONSIBILITIES:
Perform other duties as assigned
QUALIFICATIONS:
Required
Bachelor’s Degree in Information Technology, Information Security/Assurance, and Engineering or related field of study; or at least two years of related experience and/or training; or equivalent combination of education and experience preferred.
Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required.
Experience utilizing the Cyber Kill Chain
Experience in gathering and managing threat intelligence
Experience doing behavioral and static malware analysis (might a bit ambitious for the pay scale)
Ability to fully utilize MS Office products required
Experience working with interpreting, tuning, searching and manipulating data within SIEM or other related security tools
Ability to present a recommended remediation strategy to client in professional format
Knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes
Knowledgeable and experienced using basic regular expressions
Preferred
Linux administration experience
Shell scripting experience e.g. BASH, CSH, KSH
Security + certification
CEH
Experience using open source tools such as Remnux, Kali, VirusTotal, IPVoid, TCPdump MetaSploit, etc.