Motion Recruitment - Arlington, VA

posted about 2 months ago

Full-time
Arlington, VA
Administrative and Support Services

About the position

The Security Analyst II plays a crucial role in the design, configuration, testing, and deployment of both on-premises and cloud services. This position involves responsibilities in incident response, threat hunting, and providing proactive support for development activities across cloud and on-prem environments, ensuring the security and integrity of information systems.

Responsibilities

  • Detect anomalous activity and assess the potential impact of security events.
  • Monitor information systems and assets to identify cybersecurity events and verify protective measures' effectiveness.
  • Maintain and test detection processes to ensure awareness of unusual activities.
  • Coordinate response efforts with internal and external stakeholders, including external service providers.
  • Conduct thorough analysis to facilitate effective incident response and support recovery efforts.
  • Perform activities to contain and mitigate the impact of security incidents and work towards resolution.
  • Execute and maintain response processes to address detected cybersecurity incidents.
  • Oversee and maintain recovery processes to restore systems affected by cybersecurity events.
  • Continuously improve recovery planning by integrating lessons learned into future activities.
  • Coordinate restoration efforts with internal teams and external entities, including response centers, CSIRTs, and vendors.
  • Support overall cybersecurity initiatives and contribute to the organization's mission.

Requirements

  • At least 3 years in a systems engineering or administration role.
  • Minimum of 4 years as a security analyst.
  • At least 5 years in cybersecurity roles.
  • GIAC certifications (GCIH, GCIA, GMON, GCED) or similar defense-focused certifications are preferred.
  • Other relevant certifications (e.g., EC-Council, ISC2, Cisco, Microsoft, Fortinet, CompTIA, Offensive Security) considered based on applicability to defensive cybersecurity operations.
  • Bachelor's Degree in cybersecurity, IT, computer science, or related field, or equivalent experience.
  • Technical leadership on cybersecurity projects and consultations.
  • Experience leading a Cybersecurity Incident Response Team (CIRT), CSIRT, and working with MSSPs on daily incident response tasks.
  • Proficiency in deploying, configuring, and maintaining cybersecurity technology stacks.
  • Ability to communicate complex cybersecurity concepts to non-technical audiences.
  • Strong commitment to promoting cybersecurity policies and standards organization-wide.
  • Ability to foster collaborative relationships across teams to advance the organization's mission.

Nice-to-haves

  • Expert knowledge in technologies and concepts such as DFIR, IAM, PAM, DLP, NGFW, EDR, SIEM, IDS/IPS.
  • Strong foundational understanding of IT and cybersecurity, including email security, application security, cloud security (IaaS & PaaS), MITRE ATT&CK, SIEM, SOAR, CASB, MSSPs, DNS, Linux, Windows.
  • Basic knowledge of NIST, MDM, OWASP, scripting languages (PowerShell/Python/JavaScript), macOS, malware analysis, LOLBAS, vulnerability management, WAF, CIS Benchmarks.