Cyber Security Defense Analyst

CompuGain Corporation
Bethesda, MD
Jul 11, 2019
Jul 16, 2019
Full Time
Title: Cyber Security Defense Analyst
Location: Bethesda, MD
Duration: 6 months to hire (full-time conversion)
Mode of Interview: Telephonic followed by in-person

The Cyber Security Defense Analyst will be responsible for providing key Threat Intelligence, Detection and Response services for a cloud-based virtual datacenter. The selected individual will have the opportunity to contribute to building a CSOC from the ground up. The ideal candidate will be a cyber security specialist with a very strong background in threat intelligence and analysis, security monitoring and incident response for a cloud-based services environment.

Responsibilities
- Perform threat and vulnerability assessment and provide subject matter expertise on appropriate threat mitigation.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response.
- Leverage threat intelligence (e.g. FS-ISAC, NCFTA) while actively monitoring critical financial services infrastructure.
- Assess the impact of potentially malicious traffic on company network and infrastructure.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Perform live incident response (reactive and proactive incident management) by identifying and remediating malicious applications and infrastructure components.
- Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and preventing attacks.
- Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related processes.
- Develop/monitor basic IDS/IPS rules to identify and/or prevent malicious activity.
- Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists, and session lists.
- Conduct research on emerging security threats.
- Propose additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Provide other services as a key member of the Cyber Security Operations Team:
  - Security review and administration of changes to networks, servers and endpoint devices in collaboration with network operations.
  - Security sensor policies for IDS/IPS, firewalls, web security gateway, and logging.
  - Continuous Control Monitoring, including baseline security configuration monitoring.
  - Investigations and forensics.

Specialized Knowledge/Skills
- Must have experience in a SOC/NOC environment.
- Solid understanding of cloud-based critical infrastructure systems and their security threats.
- Deep experience with cyber security in the domains of cyber threat intelligence and analysis, security monitoring and incident response for a cloud-based services environment.
- Familiarity with the latest security vulnerabilities, advisories, incidents and penetration techniques; understanding of attacks and determination of countermeasures.
- Detailed experience of network and system vulnerabilities, malware, networking protocols, multi-tiered applications and attack methods used to exploit vulnerabilities.
- Experience in a technical security role, including network security, operating system security, Internet or web security, Data Loss Prevention (DLP), anti-malware, IDS/IPS, and penetration and vulnerability testing.
- Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis.
- Candidate must have a working knowledge of network engineering and local and wide area (LAN/WAN) technologies and topologies.
- Must have experience with security and monitoring tools (i.e. log management, e.g. Splunk; firewall management, e.g. Fortinet; IDS/IPS; SIEM; etc.).
- Knowledge and experience in Windows/Linux operating systems, baseline security configurations, audit, forensics, and patch management for these OSs.
- Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.
- Able to work in a fast-paced environment with occasional on-call activities.
- Excellent interpersonal skills, presentation skills, and verbal/written communication skills.
- Self-starter, adaptable to change, motivated to set personal and program goals and proactively track performance against goals and initiatives.
- Ability to manage multiple priorities/projects, deliverables, and stakeholders.
- Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
- Active in the security industry, equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.
- Industry certification desired, e.g. CISSP, CISM, etc.

Contact: Prajith Chirag, 703-552-8940