Hybrid Cyber Threat Analyst 33516
Job Description
TCI has an immediate need for a Hybrid Cyber Threat Analyst in Falls Church, VA. This is not a Corp2Corp opportunity. This is a long-term contract opportunity with the possibility of hire. In addition to competitive, market-rate based pay, TCI provides all our Consultants with Comprehensive Medical/Dental Insurance, 401k, Life Insurance and Long-Term Disability benefits.
Please note that this position requires a DoD Public Trust Security Clearance. Remote support will be allowed for local (VA, DC, MD) qualified candidates
RESPONSIBILITIES
- Implement a dynamic, advanced Risk-Based Alerting (RBA) security framework within Splunk
- Create and test detections written in advanced Splunk Search Processing Language (SPL)
- Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
- Leverage tools including Splunk, Tanium, FireEye suite as part of duties performing cyber incident response analysis.
- Act as an observer during Red Team penetration testing exercises and collaborate with the Cybersecurity Operations Center (CSOC)
- Correlate event or incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Work with a diverse team of analysts in conducting incident triage, incident handling, and remediation.
REQUIREMENTS
- 5+ years of experience with Splunk, the MITRE ATT&CK Framework, and Endpoint Security Services
- 5-7 years of experience with security operations and incident response
- CERTIFICATIONS: One or more of the following certifications is required: CISSP, CISA, CISM, GIAC, RHCE.
- Experience with host-level scripting, e.g., PowerShell.
- Experience in working with one or more Cloud Platforms
- Familiarity with cybersecurity operation center functions
- Linux Administration and monitoring
- Windows Administration and monitoring
- Experience with security frameworks and the ability to interpret use cases into actionable monitoring solutions.
- Security Information and Event Management (SIEM) systems.
- Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS).
- Host Intrusion Detection System/Intrusion Prevention Systems (HIDS/HIPS).
- Network and Host malware detection and prevention.
- Network and Host forensic applications.
- Web/Email gateway security technologies.
- Sysmon.
- Log aggregation tools.
- Demonstrated ability to establish priorities, manage shifting priorities, and handle numerous time-sensitive projects with multiple deadlines
- Ability to accomplish goals working through formal and informal channels, with diplomacy and tactfulness
- Demonstrated solid planning and organizational skills
- Demonstrated experience working independently and as part of a team
- EDUCATION: Bachelor's or Master's degree in Computer Science, Information Systems, or another related field.
- Must possess a valid Public Trust Security Clearance or have the ability to obtain one prior to start.
Application Instructions
Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!