• Serve as the Cyber Security Watch Analyst responsible for analyzing information collected from a variety of sources to identify, analyze, and report on events in order to protect information systems and networks from threats.
• Perform technical security activities to include:
o Characterize and analyze security events to identify anomalous activity and potential threats to systems
o Analyze identified malicious activity to determine exploitation methods and impact
o Triage intrusions, malware, and other cybersecurity threats
o Document, track, and escalate cybersecurity incidents
• Comment on new ODNI/NIST standards and regulations as they apply to the client environment.
• Employ best practices when implementing security requirements within an information system.
• Participate in the IC Community Shared Resources Working Group.
• May serve as a technical team or task leader.
• Maintain current knowledge of relevant technology as assigned.
• Respond to cyber incidents as defined by DOE-IN Incident Response and the local SOP.
• Participate in special projects as required.
Primary Skills Required:
• 10 years of cybersecurity experience and a Bachelor's degree in a technical field.
• CISSP or another security certification is desired.
• Knowledge of common adversary tactics, techniques, and procedures (TTPs).
• Experience working in a SIEM, interpreting IDS alerts, and deriving context from event logs.
• Candidates must have the following experience and knowledge:
o Knowledge of the IC and of audit collection policies.
o Effective interpersonal and presentation skills, as the analyst operates in a client-facing role.
o Ability to communicate clearly in written and oral form; publication or presentation experience is a plus.
o Experience reporting IT security events and incidents within the timeframes prescribed by policy and procedure.
Primary Skills Desired:
• Experience supporting the Intelligence Community (IC).
• Experience analyzing host-based security events and indicators.
• Experience analyzing network-based security events and indicators.
• Experience working in a SOC and supporting incident response.
• Experience with supporting the Joint Worldwide Intelligence System (JWICS).
• Knowledge of cloud architecture.
• Knowledge of virtualization capabilities.