Cyber Threat Analyst
Kamis is seeking a motivated Cyber Threat Analyst to support a Federal Government Agency in Washington, DC. Candidates must be well versed in security operations, cyber security tools, intrusion detection and secured networks. This is a full time direct hire position in Washington DC and requires an active Top Secret Clearance.
DUTIES AND RESPONSIBILITIES (ESSENTIAL FUNCTIONS)
- Gather, extract, and disseminate open source intelligence (OSINT) on threat actors targeting the agency, health care industry, government agencies in general, as well as public sector.
- Provide proactive event monitoring/event management/configuration of the following security tools for targeted threats and malicious activity including but not limited to: Splunk, Threat Connect, Risk Vision, and RiskIQ.
- Provide Subject Matter Expert (SME) level evaluation on threats to an enterprise network as well as new technologies that could be leveraged to protect it by identifying security gaps with advanced analysis. Produce ‘white papers’ to customer to clearly document threat and how to address.
- Work with industry partners to gather and share intelligence. Apply intelligence to the network and systems to proactively identify potential cyber threats.
- Review audit logs and identify any unusual or suspect behavior
- Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities
- Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams
- Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH)Provide security solutions and interpretations of security policies as they relate to specific security infrastructure, architectures and information systems in customer environment.
- Coordinate meetings, compile reporting and manage deliverables.
- Ensure IT security policies and controls are adequately addressed by conducting periodic quality control measurements including but not limited to IT security evaluations, audits, and reviews to verify that systems under customer purview are operating in a manner consistent with DHHS, DHS Security Policies, controls and standards.
- Evaluate, document and coordinate technical cyber security capabilities of various groups supporting the client, with an emphasis on risk, compliance, controls and logging.
- Assist team in implementation and maintenance of various Cyber Operations systems and applications as needed; for example, NAC, IDS, etc.
JOB REQUIREMENTS AND QUALIFICATIONS
- BS/BA degree from accredited university
- Four or more years of CTA work experience
- Certification (or ability to obtain certification) in at least one of the following areas: 1) Certified Counterintelligence Threat Analyst (CCTA), 2) Certified Cyber Intelligence Professional (CCIP), or 3) Certified Cyber Investigations Expert (CCIE)
- Advanced network forensic experience with the following application layer protocols HTTP/S, DNS, NTP, SSH, FTP, and SMTP
- Experience with advanced cyber security tools, network topologies, intrusion detection, PKI, and secured networks
- Experience interpreting and implementing cyber security regulations
- Excellent verbal communication skills
- Excellent written skills for preparing reports and briefings
- Excellent analytical and problem solving skills
- Must possess Top Secret Clearance