SIEM Analyst – Perform analysis on network activity data, including network flow logs, signature-based IDS/IPS alerts and event data, and all other relevant network- and system-related data.
Troubleshoot alerts, interface with Cyber/IA compliance team on policy, identify the possibility of system infection, compromises, or high-risk exposure. Prepare detailed analysis reports.
Analyze large volumes of network flow data, looking for specific patterns/characteristics or general anomalies.
Find trends and correlate data from several sources for reporting regarding enterprise-wide network activity.
Develop and implement custom scripts to automate data-parsing and simple analytics.
Create reports on key events and findings.
Work with Cyber/IA team to identify indicators from cyber threat intelligence sources, incident reporting, and published technical advisories and bulletins.
Experience with ELK and rule creation.
US citizenship is required, with the ability to obtain a security clearance.
Bachelor’s degree in Computer Science or a related technical field and a minimum of 5 years of related technical work experience.
Working knowledge of security concepts and analysis tools.
Working knowledge of networking concepts and architectures.
Awareness of the common cyber products and services and their features and limitations.
Ability to work and produce results in an agile and fast-paced environment with dynamic deadlines.
Experience working within the Federal government and/or DoD.
Familiarity with incident response products and best practices.