- Washington, District of Columbia, United States
XOR Security is currently seeking a talented Intermediate level Security Analyst to support the Department of Homeland Security ESOC. The ESOC program provides comprehensive Computer Network Defense and Response support through monitoring and analysis of potential threat activity targeting the DHS enterprise. To support this vital mission, XOR staff are on the forefront of providing:
- Enterprise IT Cyber Security Support to include Vulnerability Scanning and Management;
- Enterprise System Monitoring, Analyzing, Detecting, and Defending Support Services;
- Security Incident Response and Reporting Services Support;
- Security Environment Research and Development Support Services;
- Penetration Testing, Phishing Attack, and Cyber Security Training Services.
To ensure the integrity, security and resiliency of DHS's critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis and incident response. Strong written and verbal communication skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTPs, Threat Actors, Campaigns, and Observables. Additionally, the ideal candidate would be familiar with intrusion detection systems, intrusion analysis, security information and event management platforms, and cyber ticketing management.
Position is contingent on successfully completing a DHS BI.
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Minimum 3-5 years of experience in network defense environments
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (Attribution, Targeting) and Malware Analysis
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
- Strong logical/critical thinking abilities, especially analyzing network traffic and IDS events for malicious intent.
- Strong proficiency in report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
- Ability to work greater than 40 hours per week as needed (occasional night and weekend work required)
- Ability to work on-call for escalated cyber security incidents
- Supports monitoring, response, and vulnerability assessment analysis or vulnerability assessment policy creation
- Takes on a primary role to support event analysis and incident response activities in support of the ESOC
- Analyzes all high and medium confidence events to confirm as incidents or false-positives
- Conducts incident response coordination for confirmed incidents
- Conducts malware analysis for malware incidents
- Supports Senior analysts in conducting cyber hunt activities by analyzing threat intelligence and creating content for the SIEM and other monitoring devices
- Supports Senior analysts in creating monitoring content or modifying vendor content within the SIEM and other monitoring devices
- Certifications: CEH, GCIH, GCFA, GCFE, GCIA or other similar GIAC certifications, Security+, ENCE
- Hands on experience responding to Advanced Persistent Threats or Emerging Threats
- Expertise on policies, industry trends, techniques related to penetration testing
- Ability to read and interpret PCAP data
- Active Secret/Top Secret or DHS Agency Clearance
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.