Cybersecurity Intrusion Detection Analyst

UIC Arctic Response Services, LLC

Vicksburg (MS)

On-site

USD 65,000 - 95,000

Full time

27 days ago

Job summary

An established industry player is on the lookout for a Cybersecurity Intrusion Detection Analyst to join their dynamic team in Vicksburg. This role is pivotal in safeguarding networks and systems, providing critical 24/7 operational support to identify and mitigate cyber threats. The ideal candidate will leverage their extensive experience in intrusion detection and incident response, collaborating closely with a team of experts to analyze data from various cyber defense tools. If you thrive in a fast-paced environment and are passionate about cybersecurity, this opportunity offers a chance to make a significant impact in the field.

Qualifications

  • 5+ years of intrusion detection experience required.
  • Strong knowledge of computer security concepts and network technologies.
  • Effective communication skills for interpreting regulatory guidance.

Responsibilities

  • Analyze network traffic and event logs to identify vulnerabilities.
  • Conduct AS&W activities and develop responses to cyber incidents.
  • Provide 24/7 event handling and analysis support.

Skills

Intrusion Detection
Network Security
Incident Response
Threat Intelligence
Forensic Analysis
Communication Skills

Education

Bachelor's Degree
IT/System Administration Experience
Information Security Experience

Tools

IDS Alerts
Firewalls
Network Traffic Logs

Job description

Overview

Bowhead is seeking a Cybersecurity Intrusion Detection Analyst to join our team in Vicksburg, MS. The Cybersecurity Intrusion Detection Analyst utilizes data collected from various cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events within their environments for threat mitigation. They provide on-site 24x7x365 operational support, including event/incident handling and analysis for cybersecurity service subscribers. These individuals work alongside Warning Intelligence Analysts and Engineers in the Attack Sensing and Warning (AS&W) division, which detects changes in subscriber networks through baseline comparisons and intelligence fusion. They analyze diverse data sources to form a cohesive view of the current cybersecurity state, characterize network traffic to identify anomalies, and work in a 24x7 environment, requiring 12-hour shifts, day or night.

Responsibilities
  1. Proactively analyze network and system traffic, event logs, and threat intelligence to identify vulnerabilities, assess exploitation likelihood, and refine security controls.
  2. Develop and monitor policies and procedures for department operations.
  3. Assess and consult on the security of information assets across networks, endpoints, databases, applications, and environments; contribute to asset inventory and categorization.
  4. Receive and distribute AS&W information.
  5. Conduct AS&W activities to develop appropriate responses, including archiving task orders and directives.
  6. Maintain internal and external source location information.
  7. Coordinate AS&W information from various sources to aid alert analysis.
  8. Analyze IDS alerts to identify unauthorized or anomalous activities.
  9. Document and report unauthorized activities or attacks, including IP addresses, attack vectors, and timeframes, following HPCMP CSSP SOPs.
  10. Take action to prevent or mitigate impacts to the DODIN based on cyber threats; develop and share countermeasures and guidance.
  11. Monitor platforms capable of continuous security monitoring for intrusions, attacks, anomalies, and insider threats.
  12. Collect intrusion artifacts such as source code, malware, and trojans.
  13. Correlate incident data to identify vulnerabilities and recommend remediation steps.
  14. Report incidents within designated channels and timelines.
  15. Provide 24/7 event/incident handling and analysis support.
  16. Maintain logs documenting all reportable cyber events/incidents.
  17. Analyze cyber events to identify incidents and categorize them.
  18. Notify affected subscribers of incidents and assess mission impact.
  19. Develop specific responses to cyber incidents.
  20. Distribute tailored countermeasures and guidance to prevent recurring incidents.
  21. Perform forensic analysis of systems and malware when needed, sharing relevant IOCs.
  22. Mitigate operational and technical impacts of cyber incidents.
  23. Contain malware spread through detection, analysis, and containment measures.

Qualifications
  • Bachelor's degree or equivalent experience.
  • At least 5 years of intrusion detection experience.
  • Minimum 2 years of relevant IT/System administration experience and 3 years of Information Security experience.
  • Certifications for DOD 8570 IAT Level II and CSSP-Analyst or CSSP-Incident Responder.
  • Ability to earn DoD 8570 computing environment certification within 6 months.
  • Understanding of network hardware and experience configuring access controls, firewalls, or routers.
  • Strong knowledge of computer security concepts.
  • Effective communication skills and ability to interpret regulatory guidance and vulnerabilities.
  • Advanced knowledge of network technologies and protocols.
  • Understanding of current threats and trends in Information Security.
  • Completion of specified Joint Qualification Requirement training within 180 days of hire.

SECURITY CLEARANCE REQUIRED: Must hold and maintain an active Secret clearance. US Citizenship is required for Secret clearance at this location.

Physical Demands: Must be able to lift up to 25 pounds, stand and walk for prolonged periods, and occasionally twist, bend, and squat.
