Intrusion Detection Analyst @ Tyto Athene

Cyber Crime

Washington (District of Columbia)

On-site

USD 100,000 - 108,000

Full time

6 days ago

Job summary

A leading IT services company is seeking an Intrusion Detection Analyst in Washington, DC, to review security incidents, conduct analysis, and support incident response. The ideal candidate will have extensive experience in intrusion detection, strong analytical skills, and proficiency in tools such as Splunk. This role offers unique compensation based on experience and skills, with a salary range of $100K-$108K and a range of benefits.

Benefits

Health/Dental/Vision Insurance
401(k) match
Flexible Time Off
STD/LTD/Life Insurance
Referral Bonuses
Professional development reimbursement
Maternity/Paternity leave

Qualifications

  • 6 years of intrusion detection experience with various security technologies.
  • Ability to create advanced queries and review server log analysis.
  • Working experience with Splunk SIEM.

Responsibilities

  • Review, annotate, and resolve security incidents 24/7.
  • Conduct Incident Triage to prioritize security incidents.
  • Document actions taken in response to incidents in the SOC ticketing system.

Skills

Security intrusion detection
Communication
Analytical skills

Education

Bachelor's degree in information systems or Computer Science

Tools

Splunk

Job description

Tyto Athene
Tyto Athene delivers secure, mission-critical solutions that empower agencies to modernize networks, enhance cybersecurity, and achieve information dominance.

Tyto Athene is searching for an Intrusion Detection Analyst to support our customer in Washington, DC.

Responsibilities:

  • Accurately review, annotate, and resolve security incidents tasked by the Intrusion Detection Team, Watch Officer, SOC management or other SOC teams 24 hours a day, 7 days a week, which is subject to change based on AOUSC needs.
  • Conduct Incident Triage to prioritize newly identified security incidents for follow-on action. Identify all relevant data sources for initial collection to determine prioritization and resource application based on the criticality of the incident. Conduct immediate actions to evaluate and contain threats as necessary in accordance with the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), Incident Response Operations Guide, and any other published SOC operations guides and manuals. Please see SLA SOC3.
  • Perform deep dive analysis (manual and automated) of malicious links and files.
  • Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events.
  • Provide an Executive Summary in accordance with the IDT Operations Guide.
  • Provide 5W briefing slides for each event for leadership briefing.
  • Provide on demand time/trend/event based metric reports for SOC management.
  • Provide clear and actionable event notifications to customers. Notifications to customers will be clear and provide sufficient detail for a mid-level system or network administrator to understand what has occurred and what needs to take place to remediate the event.
  • Coordinate and provide direct support to local incident responders at the circuit, local court unit and program office levels. Provide notifications, guidance and end to end incident response support to local incident responders to ensure the appropriate actions are properly taken to detect, contain, eradicate and recover from identified security incidents. Coordinate with various other SOC teams to leverage the appropriate resources to enable local incident responders. Participate in course of action (COA) development and execution as necessary.
  • Document all communications and actions taken in response to assigned incidents in the SOC ticketing system. Ensure tickets are properly updated in a timely manner and all artifacts are included. Escalate any concerns or requests through the Contractor management as necessary.
  • Directly support the Judiciary Special Tactics and Active Response (JSTAR) team and provide incident response support for critical security incidents as they arise.
  • Perform appropriate event escalation for events, notifications, and non-responsiveness from customers. Contractors shall track all notifications in the SOC ticketing system and escalate tickets to Watch Officers or SOC management in cases where the customer is non-responsive or requires clarification that is outside the scope of the normal operations. Contractors will be familiar with the JSOCIRP escalation and reporting procedures.
  • Continuously review and update the Incident Handlers (IH) Guide and provide recommendations to annual updates for the JSOCIRP. All SOPs and Op Guides are federal government property. Contract staff provide recommendations in draft form for federal management review, approval and adoption.
  • Incident Responders must be able to perform the tasks and meet the skills, knowledge and abilities described in NIST Special Publication 800-181, the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, for the role of Cyber Defense Incident Responder.

Required:

  • 6 years of security intrusion detection examination experience involving a range of security technologies that produce logging data, including wide area network, host and network IPS/IDS/HIPS traffic event review, web server log analysis, and raw data logs.
  • Ability to communicate clearly both orally and in writing.
  • Working experience with Splunk SIEM.
  • At least three years of experience working at a senior level, performing analytical examination of logs and console events and creating advanced query methods in Splunk (or advanced grep skills), firewall ACL review, examining Snort-based IDS events, pcaps, and web server log review in SIEM environments.

Hours of Operation/Shift:

  • Sat-Sun (7:00am - 7:30pm) & Tues-Wed (3PM-11:30PM)

Education/Certifications:

  • Bachelor’s degree in information systems, Computer Science or a related field is preferred.
  • Splunk Fundamentals I & II certification.

Clearance:

  • Public Trust

Compensation:

  • Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $100K-$108K. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

  • Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.

About Tyto Athene

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains: Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT, empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly supports Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.

At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?

Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.
