Threat Response Analyst

Sorry, this job was removed at 12:55 a.m. (MST) on Thursday, August 31, 2017
POSITION SUMMARY

The Threat Response Analyst (TRA) will be responsible for acknowledging and researching ALL Security Incident Event Management (SIEM) alarms during their shift. In this role you will perform historical correlation analysis on incidents and events generated inside of the SIEM environments. The Threat Response Analyst will also be responsible for following case development and escalation workflows when activity needs to be escalated to the client, and for providing tuning recommendations to the Client Service Manager.

 

REPORTING RELATIONSHIPS:

  • Threat Response Analyst reports to the Senior Operations Analysts

  • Works closely with all teams on the SM&A directorate to support program strategy and reporting actions

DUTIES & ESSENTIAL JOB FUNCTIONS:

  • The Threat Response Analyst will be responsible for acknowledging and researching ALL Security Incident Event Management (SIEM) alarms during their shift. 
  • The Threat Response Analyst will be responsible for following case development and escalation workflows when an alarm needs to be escalated to the client.

  • The Threat Response Analyst will be responsible for performing historical correlation analysis on incidents and events generated inside of the SIEM environments. They will also be responsible for following case development and escalation workflows when noteworthy activity needs to be escalated to the client.

  • The Threat Response Analyst will be responsible for providing rule and alarm tuning recommendations to the SIEM engineering team while also notifying the Client Service Manager.

 

OTHER FUNCTIONS AND RESPONSIBILITIES:

  • Perform other duties as assigned

 

QUALIFICATIONS:

Required

  • Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or related field of study; or at least two years of related experience and/or training; or equivalent combination of education and experience preferred.

  • Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required.

  • Experience utilizing the Cyber Kill Chain

  • Experience in gathering and managing threat intelligence

  • Experience doing behavioral and static malware analysis (might be a bit ambitious for the pay scale)

  • Ability to fully utilize MS Office products required

  • Experience interpreting, tuning, searching and manipulating data within SIEM or other related security tools

  • Ability to present a recommended remediation strategy to client in professional format

  • Knowledge of log formats and ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes

  • Knowledgeable and experienced using basic regular expressions

Preferred

  • Linux administration experience

  • Shell scripting experience, e.g. BASH, CSH, KSH

  • Security+ certification

  • CEH

  • Experience using open source tools such as REMnux, Kali, VirusTotal, IPVoid, tcpdump, Metasploit, etc.


Location

5613 DTC Parkway, Suite 1250, Greenwood Village, CO 80111

Learn more about InteliSecure