Cybersecurity Incident Analyst
TCI has an immediate need for a Cybersecurity Incident Response Analyst in Fort Knox, KY. This is not a Corp-to-Corp opportunity. This is a 6 month contract opportunity with the possibility of hire. In addition to competitive, market-rate pay, TCI provides all our Consultants with Comprehensive Medical/Dental Insurance, 401k, Life Insurance and Long Term Disability benefits.
Please note that this position requires a current DoD Security Clearance.
We are offering an exciting DoD Contract opportunity with our government sector client on the Fort Knox, KY Military Campus. If you enjoy a collaborative and creative work environment, this is a great opportunity for you to join a rapidly growing IT team.
The Cybersecurity Incident Response Analyst will work in support of the Cybersecurity Division, working closely with representatives from other divisions and branches (IT, Networking, etc.) to request information, provide clarification, and validate findings, evidence, and statements.
- Perform logging, correlation, and scanning with tools such as Assured Compliance Assessment Solution (ACAS), HP ArcSight Enterprise Security Management (ESM), and Security Onion.
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
- Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, and mainframes.
- Monitor information security alerts through the use of a Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts.
- Investigate security incidents through log analysis, interviewing, evidence collection and preservation, and forensics.
- Utilize sensor data and correlated logs containing IDS/IPS, Antivirus, Windows events, web, and similar data to establish context and identify false positives and false negatives.
- Respond to computer security incidents according to the cybersecurity incident response plan.
- Track and document Computer Network Defense (CND) hunts and incidents from initial detection through final resolution.
- Provide feedback to peer teams to enhance the sensor set and improve signature fidelity.
- Compile and analyze data for management reporting and metrics.
- Support Cybersecurity internal and embedded inspection teams.
- Minimum 5 years’ experience in Cybersecurity as a primary job duty.
- Minimum 2 years’ experience in Incident Response or 2 years operating as a Cyber protection and testing (red/blue) team member.
- Hands-on SIEM experience is required.
- Demonstrated understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set Tactics, Techniques, and Procedures.
- Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, systems administration, OSI model, defense-in-depth, and common security elements.
- Experience auditing IPS/IDS, firewall, web server, and database logs.
- Must currently possess a valid DoD Secret Security Clearance. TCI will assist with transfers of clearances.
- Must currently possess, or have the ability to obtain prior to start, CompTIA S+ certification or a higher-level DoD 8570 certification (e.g. CISSP, CASP).
Job Status: Full Time