Cyber Threat Analyst
Washington, DC | Contract to Hire
Cyber Threat Analyst:
Our client is seeking an experienced, motivated Cyber Threat Analyst (CTA) to support their HHS customer. The CTA will work closely with the customer and be responsible for providing threat intelligence collection and monitoring, analysis, and reporting.
The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. The candidate will provide operational support on expert level analysis in regard to Advanced Persistent Threats (APTs), Indicators of Compromise (IOC), Intelligence Gathering and sharing this information with other formalized partners.
Duties and Responsibilities:
- Gather, extract, and disseminate open source intelligence (OSINT) on threat actors targeting the HHS, health care industry, government agencies in general, as well as public sector.
- Provide proactive event monitoring/event management/configuration of the following security tools for targeted threats and malicious activity including but not limited to: Splunk, Threat Connect, Risk Vision, and RiskIQ.
- Provide Subject Matter Expert (SME) level evaluation on threats to an enterprise network as well as new technologies that could be leveraged to protect it by identifying security gaps with advanced analysis. Produce ‘ white papers’ to customer to clearly document threat and how to address.
- Work with industry partners to gather and share intelligence. Apply intelligence to the HHS network and systems to proactively identify potential cyber threats.
- Review audit logs and identify any unusual or suspect behavior
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities
- Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams
- Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH). Provide security solutions and interpretations of security policies as they relate to specific security infrastructure, architectures and information systems in customer environment.
- Coordinate meetings, compile reporting and manage deliverables.
- Ensure IT security policies and controls are adequately addressed by conducting periodic quality control measurements including but not limited to IT security evaluations, audits, and reviews to verify that systems under customer purview are operating in a manner consistent with DHHS, DHS Security Policies, controls and standards.
- Evaluate, document and coordinate technical cyber security capabilities of various groups supporting the client, with an emphasis on risk, compliance, controls and logging.
- Assist team in implementation and maintenance of various Cyber Operations systems and applications as needed; for example, NAC, IDS, etc.
- Four or more years of CTA work experience
- Certification (or ability to obtain certification) in at least one of the following areas: 1) Certified Counterintelligence Threat Analyst (CCTA), 2) Certified Cyber Intelligence Professional (CCIP), or 3) Certified Cyber Investigations Expert (CCIE)
- Advanced network forensic experience with the following application layer protocols HTTP/S, DNS, NTP, SSH, FTP, and SMTP
- Experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks
- Experience interpreting and implementing cyber security regulations
- Excellent verbal communication skills
- Excellent written skills for preparing reports and briefings
- Excellent analytical and problem solving skills
- Must possess Top Secret Clearance. For those candidates with a TS/SCI we will be able to hold your clearance