MITRE Corporation - McLean, VA

posted 4 months ago

Full-time - Mid Level
McLean, VA
Professional, Scientific, and Technical Services

About the position

At MITRE, we are dedicated to addressing our nation's most pressing challenges while ensuring the well-being of our employees. As a not-for-profit corporation, we operate without commercial conflicts, focusing solely on the public interest. Our R&D centers work on impactful projects across various fields, including cybersecurity, healthcare, aviation, defense, and enterprise transformation. We strive to create a safer, healthier, and more secure world, and our workplace culture reflects our commitment to innovation, diversity, inclusion, and professional growth.

The Information Security department at MITRE is seeking an Operations Analyst to play a crucial role in responding to and investigating cybersecurity incidents. This position presents a unique opportunity to engage with a wide range of security disciplines, such as incident response, forensics, reverse engineering, malware analysis, intrusion detection, network security, and system security. As a part of our team, you will contribute to our legacy of cybersecurity innovation and work alongside dedicated professionals in the field.

In this role, you will be responsible for responding to security alerts, investigating potential compromises, and documenting security events in our ticketing system. You will analyze log data for signs of malicious activity using a Security Information and Event Management (SIEM) system, develop new analytics, and automate workflows in a Security Orchestration, Automation, and Response (SOAR) tool. Additionally, you will hunt for undetected indicators of compromise and perform incident response actions, including forensics and memory analysis.

Responsibilities

  • Respond to security alerts, investigate for signs of compromise and react accordingly.
  • Track and document security events and incidents in a ticketing system.
  • Analyze log data for signs of malicious activity in a SIEM.
  • Develop new analytics and apply mitigations for adversary Tactics, Techniques, and Procedures (TTPs).
  • Automate workflows in a SOAR tool.
  • Hunt for undetected indicators of compromise.
  • Develop new ways to use existing data to identify malicious activity.
  • Perform Incident Response actions such as forensics, memory analysis, etc.

Requirements

  • Typically requires a minimum of 5 years of related experience with a Bachelor's degree; or 3 years and a Master's degree; or a PhD with relevant experience who can immediately contribute at this job step; or equivalent combination of related education and work experience.
  • Must be detail oriented and able to consistently follow incident investigation process.
  • Must have good analytical, written, verbal, and interpersonal communication skills.
  • Must be able to work well as part of a team and be self-motivated to work on individual projects.
  • Must have prior experience with cloud monitoring and response or analytic development in at least one major cloud provider's environment (AWS, Azure, or GCP).
  • Must have prior hands-on experience analyzing and responding to cyber events, including network, endpoint, server and cloud.
  • Must have prior hands-on experience with threat hunting.

Nice-to-haves

  • Applied knowledge of cybersecurity concepts.
  • Familiarity with Linux, Mac, and Windows Operating Systems.
  • An in-depth understanding of TCP/IP network protocols and application layer protocols (e.g., HTTP, SMTP, DNS, etc.).
  • Experience analyzing adversary tactics, techniques, and procedures (TTPs) and developing defenses and/or detections for them.
  • Scripting experience, preferably with Python.
  • Experience with Splunk or Elasticsearch.
  • Hands-on cloud incident response experience.
  • Works well independently and with the team.
  • Technical leadership skills.
  • Solves complex problems.
  • Adaptability to new tools, architectures, and policies.
  • Prior experience with network, host, and memory forensics.

Benefits

  • Competitive benefits
  • Exceptional professional development opportunities
  • Culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth