Springfield, VA

Tier 2 Cyber Threat Analyst

Job Specs

Cyber Systems
Springfield, Virginia, United States

Job Description: CSOC Tier 2 - Cyber Defense (CD) Analysis Service  (24x7x365) 

XOR Security is currently seeking a talented Tier 2 Cyber Defense Analyst to support an Intelligence Community Customer in Springfield VA. The Cyber Security Operations Cell (CSOC) support includes analysis, investigation, reporting and remediation of cyber incidents, incident escalation to CSOC/Focused Operations, planning and development of cyber countermeasures, initiation of incident notification procedures, and collaboration with external IC and DoD Cyber units as well as reporting Cyber Defense status to the CSOC, Customer leadership, and external IC and DoD Cyber units. 

 To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, analysis, and incident response. Strong written and verbal communications skills are a must. The ideal candidate will have a solid understanding of cyber threats and information security in the domains of TTP’s, Threat Actors, Campaigns, and Observables.

Job Duties:

  • Provide 24x7x365 Information Assurance monitoring
  • Maintain overall responsibility for any tasks, analysis, or detection required during cybersecurity incident response
  • Create system rules and signatures to detect and disrupt all anomalous network activity
  • Execute event/incident procedures, long-term analysis and investigation into NGA network activity and provide investigation reports to Cyber Defense Analysts or as directed by the Government
  • Manage event and information intake to include gathering intelligence reports, investigating reported incidents, and interacting with existing internal and external cyber security groups as necessary
  • Identify, categorize, prioritize, and investigate correlated events and escalate to Cyber Defense Analysts IAW the Incident Monitoring SOP on Event identification
  • Ensure Cyber Security incidents are detected and tracked within the approved SIEM tool in a timely manner


Springfield, VA. USA 

Skills and Qualifications:

Required Qualifications:

  • Three to five (3-5) years of experience in network defense environments
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience
  • Position requires a current CND-A certification with the appropriate computing environment certification(s) for the tools and devices they support IAW DoD 8570.01-M
  • Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (Attribution, Targeting) and Malware Analysis
  • Strong logical/critical thinking abilities, especially analyzing network traffic and IDS events for malicious intent
  • Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
  • Ability to work greater than 40 hours per week as needed (occasional night and weekend work required)
  • Ability to work on-call for escalated cyber security incidents.
  • Experience with deployment and documentation of enterprise project management and change management processes
  • Ability to identify solutions to potential network issues/embrace network simplification and strengthened security
  • Ability to conduct event triage and analysis and incident investigation

Desired Qualifications:

  • Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts
  • Understanding of command line scripting and implementation (e.g., Python, Powershell)
  • Ability to write new content/searches/scripts (e.g., Splunk dashboards, Splunk ES alerts, SNORT signatures, Python scripts, Powershell scripts)
  • Experience with tools such as Active Directory, Cisco IOS, MS Server, ESA, WSA, Stealthwatch, AMP, Splunk, Splunk ES, SNORT, Yara, IronPort, and Firepower.
  • Strong understanding of networking (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
  • Ability to perform NetFlow / packet capture (PCAP) analysis

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and TOP SECRET WITH SCI CLEARANCE REQUIRED.