Cyber Security Analyst
Leidos - Scott Air Force Base, IL
posted 5 months ago
About the position
At Leidos, we are committed to delivering innovative solutions through the efforts of our diverse and talented workforce. We are currently seeking a Cybersecurity Analyst to join our Defense Group task force at Scott Air Force Base, IL. In this role, you will be integral to our mission of providing comprehensive cybersecurity solutions to protect our customers' critical information and systems. Your primary responsibilities will include performing cyber threat intelligence analysis, correlating actionable security events, and conducting network traffic analysis using raw packet data, net flow, IDS, IPS, and custom sensor outputs. You will also participate in the coordination of resources during incident response efforts, ensuring that our cybersecurity measures are robust and effective. As a Cybersecurity Analyst, you will review Department of Defense (DoD) and open-source intelligence to identify potential threats. You will be responsible for identifying Indicators of Compromise (IOCs) and integrating them into our sensors and Security Information and Event Management (SIEM) systems. Your role will involve triaging and reviewing system alerts to detect malicious actors on customer networks, assisting Tier 1 analysts with their triage and analysis tasks, and completing moderate-level analyses of potential cybersecurity events that could threaten IT systems. You will also be tasked with reporting incidents to customers and USCYBERCOM, creating complex technical reports on your analytic findings, and maintaining a proactive approach to cybersecurity. This position requires a motivated self-starter with strong written and verbal communication skills, as you will need to convey complex technical information clearly and effectively. You will be part of a team that is dedicated to solving some of the world's toughest security challenges, contributing to a safer environment for our customers and communities.
Responsibilities
- Perform cyber threat intelligence analysis and correlate actionable security events.
- Conduct network traffic analysis using raw packet data, net flow, IDS, IPS, and custom sensor outputs.
- Participate in the coordination of resources during incident response efforts.
- Review DoD and open-source intelligence for threats.
- Identify Indicators of Compromise (IOCs) and integrate them into sensors and SIEMs.
- Triage and review system alerts to identify malicious actors on customer networks.
- Assist Tier 1 analysts with triage and analysis.
- Complete moderate-level analysis of potential cybersecurity events that could threaten IT systems.
- Report incidents to customers and USCYBERCOM.
- Create complex technical reports on analytic findings.
Requirements
- Bachelor's degree and 4+ years of prior relevant experience (related DISA customer experience and Cyber courses/certifications may be substituted in place of degree).
- Active DoD 8570, IAT Level II Certification, and CSSP-Analyst1 certification at your start date.
- Demonstrated understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation.
- Understanding of intrusion set tactics, techniques, open-source, and procedures (TTPs).
- Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Experience and proficiency with Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics.
- Experience with malware analysis concepts and methods.
- Familiarity or experience in Intelligence Driven Defense.
- Willingness to perform rotating shift work.
Nice-to-haves
- Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification (Security+ CE, CISSP or equivalent).
- Demonstrated commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
- CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization or Security Operations Center.
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk).
