Springfield, VA

Tier 3 Cyber Threat Analyst

Job Specs

Cyber Defense

Job Description:

XOR Security is currently seeking a talented Tier 3 Cyber Threat Analyst to join our team with an Intelligence Community customer in Springfield, VA. The Cyber Security Operations Cell (CSOC) support includes analysis, investigation, reporting and remediation of cyber incidents; incident escalation to CSOC/Focused Operations; planning and development of cyber countermeasures; initiation of incident notification procedures; collaboration with external IC and DoD cyber units; and reporting of Cyber Defense status to the CSOC, customer leadership, and external IC and DoD cyber units.

The Tier 3 Incident Response Analyst's duties include leading, supporting, coordinating and acting as the initial point of contact for security operations floor activities. The analyst will assist with developing, maintaining, tuning, and monitoring cyber security content for detection and prevention capabilities. The analyst will also support investigations of computer and information security incidents to determine the extent of compromise to information and automated information systems, and will provide network forensic and intrusion detection support to high-technology investigations by researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security and encryption.

Basic Responsibilities:

  • Work with the Incident Response team to conduct forensics on potential malware and confirm it as a threat or a false positive.
  • If malware is confirmed, work with the Incident Response and Email teams to conduct sweeps across the federated DHS organization to eliminate the threat and update policy enforcement points.
  • Work with the Splunk team to implement, enhance, or change existing use cases.
  • Pivot on the forensic data, working with the Cyber Threat Intelligence team, to determine whether the malware is part of a larger campaign and how DHS is being targeted, and take any further remediation required.
  • Monitor and conduct investigations of SIEM network alerts for potential cyber intrusions.
  • Contribute to Incident Response investigations, working with the Incident Response team.
  • Potentially travel to other DHS locations (1-3 times/year) to support Incident Response investigations.
  • Lead and mentor other SOC support staff, and communicate with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program.

Required Qualifications:

  • Minimum five (5) years of experience in network defense environments.
  • Expertise in monitoring, detection, and incident response to support the detection, containment, and eradication of malicious activities targeting customer networks.

Closing Statement:

XOR Security offers a very competitive benefits package, including health insurance coverage from the first day of employment, a 401k with a vested company match, vacation, and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement:

Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP AND ACTIVE TOP SECRET CLEARANCE REQUIRED.