Cyber Security Associate 5 (Cyber Threat Analyst - Deep Dive Analyst) BFA

Salient CRGT Washington, DC
Company/Position Overview

The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. You will be responsible for coordinating resources across the VA enterprise and consolidating log data into a centralized repository (Splunk), where it will be correlated, analyzed and enriched by other threat analysts to identify Indicators of Compromise (IOCs), Advanced Persistent Threats (APTs) and other unauthorized activity on the VA network.

* Provide proactive event monitoring, event management and configuration of the following security tools for targeted threats and malicious activity, including but not limited to: Splunk, Palo Alto Networks, McAfee ePO, Cisco IronPort, NetScout, Sourcefire Defense Center and BigFix

* Determine if an event meets the criteria for additional cyber hunt investigation and/or constitutes a security incident subject to investigation and notify team lead or designate within 15 minutes

* Review audit logs and identify any unusual or suspect behavior

* Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks

* Develop and execute custom scripts to identify host-based indicators of compromise

* Provide advanced technical capabilities to senior leadership, including Big Data Analytics, and Predictive Intelligence

* Provide proactive APT hunting, incident response support, and advanced analytic capabilities

* Profile and track APT actors that pose a threat to the organization in coordination with threat intelligence support teams

* Support the incident response process by providing advanced analysis services when requested to include recommending containment and remediation processes, independent analysis of security events, and reporting of identified incidents to Incident Handling (IH)

Mandatory Qualifications (Education, Certifications, Experience, Skills)

* Competency: Senior Specialist/SME

* Knowledge: Expert knowledge in specialized functions. Exhaustive understanding of both general and specific aspects of the job and its application.

* Problem Solving: Works on unusually complex technical problems and provides solutions which are highly innovative and ingenious.

* Supervision: Work is unsupervised and assignments are often self-initiated. Work is checked through consultation and agreement with the client rather than by formal review by a superior. May supervise others.

* Education / Experience: 12 years total experience; Bachelor's degree (or Associate's degree and 2 years relevant experience with professional certifications, such as CISSP, GREM, or GCIH). Minimum of 6 years in information technologies; minimum of 4 years advanced Cyber Threat Information experience. 4 years of relevant experience with professional certifications, such as CISSP, GREM, or GCIH

* PWS Specified Certifications: Must have at least one of the following certifications: Certified Ethical Hacker (CEH); Certified Information Systems Auditor (CISA); GIAC Systems and Network Auditor (GSNA); GIAC Certified Incident Handler (GCIH); CERT Certified Computer Security Incident Handler (CSIH); Splunk Certified Knowledge Manager; Splunk Certified Admin; Splunk Certified Architect

* Background Investigation: Must be able to pass and maintain a Government Background Investigation

Desired Qualifications (Education, Certifications, Experience, Skills)

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions. We support these core capabilities with full lifecycle IT services and training—to help our customers meet critical goals for pivotal missions. We are purpose-built for IT transformation supporting federal civilian, defense, homeland, and intelligence agencies, as well as Fortune 1000 companies.

If you feel you are qualified for this position, express interest by clicking the Apply button below (if you are viewing this position on the Salient CRGT website). If you are viewing this job posting outside of the Salient CRGT website, please visit: to express interest in this position through the Salient CRGT Careers page.

Salient CRGT is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity or expression, veteran status, disability, genetic information, or any other factor prohibited by applicable anti-discrimination laws.