Intrusion Detection Analyst

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Tyto Athene, LLC

Tyto Athene is searching for a Incident Detection Analyst to support our customer in Washington, DC.

Responsibilities:

• Accurately review, annotate, and resolve security incidents tasked by the Intrusion Detection Team, Watch Officer, SOC management or other SOC teams 24 hours a day, 7 days a week, which is subject to change based on AOUSC needs.
• Conduct Incident Triage to prioritize newly identified security incidents for follow-on action. Identify all relevant data sources for initial collection to determine prioritization and resource application based on the criticality of the incident. Conduct immediate actions to evaluate and contain threats as necessary in accordance with the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), Incident Response Operations Guide, and any other published SOC operations guides and manuals. Please see SLA SOC3.
• Perform deep dive analysis (manual and automated) of malicious links and files.
• Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events.
• Provide Executive Summary in accordance to IDT Operations Guide.
• Provide 5W briefing slides for each event for leadership briefing.
• Provide on demand time/trend/event based metric reports for SOC management.
• Provide clear and actionable event notifications to customers. Notifications to customers will be clear and provide sufficient detail for a mid-level system or network administrator to understand what has occurred and what needs to take place to remediate the event.
• Coordinate and provide direct support to local incident responders at the circuit, local court unit and program office levels. Provide notifications, guidance and end to end incident response support to local incident responders to ensure the appropriate actions are properly taken to detect, contain, eradicate and recover from identified security incidents. Coordinate with various other SOC teams to leverage the appropriate resources to enable local incident responders. Participate in course of action (COA) development and execution as necessary.
• Document all communications and actions taken in response to assigned incidents in the SOC ticketing system. Ensure tickets are properly updated in a timely manner and all artifacts are included. Escalate any concerns or requests through the Contractor management as necessary.
• Directly support the Judiciary Special Tactics and Active Response (JSTAR) team and provide incident response support for critical security incidents as they arise.
• Perform appropriate event escalation for events, notifications, and non-responsiveness from customers. Contractors shall track all notifications in the SOC ticketing system and escalate tickets to Watch Officers or SOC management in cases where the customer is non-responsive or requires clarification that is outside the scope of the normal operations. Contractors will be familiar with the JSOCIRP escalation and reporting procedures.
• Continuously review and update the Incident Handlers (IH) Guide and provide recommendations to annual updates for the JSOCIRP. All SOPs and Op Guides are federal government property. Contract staff provide recommendations in draft form for federal management review, approval and adoption.
• Incident Responders must be able to perform the tasks and meet the skills, knowledge and abilities as described in NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the role of Cyber Defense Incident Responder

Required:

• 6 years of security intrusion detection examination experience involving a range of security technologies that product logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs;
• Ability to communicate clearly both orally and in writing.
• Working experience with Splunk SIEM.
• At least three years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments

Hours of Operation/Shift:

Education/Certifications:

• Bachelor’s degree in information systems, Computer Science or related field is preferred. // Splunk Fundamentals I & II certification.

Clearance:

• Public Trust

Compensation:

• Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $100K-$105K. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.
• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.

• Seniority level
  Associate

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  IT Services and IT Consulting

Referrals increase your chances of interviewing at Tyto Athene, LLC by 2x

Medical insurance

401(k)

Vision insurance

Pension plan

Paid maternity leave

Tuition assistance

Paid paternity leave

Get notified about new Incident Analyst jobs in Washington, DC.

Washington, DC $55,000.00-$85,000.00 10 hours ago

Washington, DC $80,000.00-$85,000.00 10 hours ago

Washington, DC $90,000.00-$110,000.00 1 week ago

Washington, DC $80,000.00-$85,000.00 1 week ago

Washington DC-Baltimore Area $20.00-$25.00 1 day ago

Washington, DC $120.00-$125.00 3 weeks ago

Washington, DC $90,000.00-$110,000.00 5 days ago

Washington DC-Baltimore Area 18 hours ago

Washington, DC $124,400.00-$232,700.00 3 days ago

Indian Head, MD $75,000.00-$115,000.00 2 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.