Job Requirements
Central Maryland, MD
Top Secret/SCI Polygraph
Career Level not specified
Salary not specified
Job Description
RealmOne was built on the principle that people matter first and foremost. We believe in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch industry professionals.
Join us on this journey as we execute this mission-critical contract providing high-end analytics and data science services within the REALM of cybersecurity.
Your effort and expertise are crucial to the success and execution of this impactful mission that is critical in ensuring mission success through Security Engineering, Risk Management and Assessment, and Insider Threat Analysis, by improving, protecting, and defending our Nation's Security.
Job Description:
The Cyber Defense Analyst III (Endpoint Security) is a senior SOC role responsible for defending enterprise endpoints against advanced threats through monitoring, detection engineering, incident response, and endpoint-focused threat hunting. This position emphasizes deep expertise in endpoint detection and response (EDR), host-based analysis, and adversary behavior on Windows and Linux systems.
The Cyber Defense Analyst 3 shall possess the following capabilities:
- Monitor and analyze endpoint telemetry for indicators of malicious activity.
- Investigate host-based intrusions, malware execution, and persistence mechanisms.
- Analyze Windows and Linux endpoint artifacts, processes, registry activity, and event logs.
- Utilize EDR platforms to identify, contain, and remediate threats.
- Conduct forensic analysis of compromised systems and malicious processes.
- Identify PowerShell abuse, credential theft, and endpoint exploitation techniques.
- Analyze attacker persistence and lateral movement across enterprise environments.
- Correlate endpoint and SIEM data to support threat investigations.
- Support cyber incident response and remediation activities.
- Perform endpoint-focused threat hunting operations.
- Mentor junior analysts and support operational best practices.
- Participate in after-action reviews and analytical validation activities.
- Eight (8) years Cyber Defense Analyst experience.
- Experience with endpoint detection and response technologies.
- Two (2) years TCP/IP fundamentals experience.
- Two (2) years Wireshark or tcpdump experience.
- Three (3) years SIEM experience.
- Three (3) years threat analysis and incident response experience.
- Experience investigating host-based intrusions and malware activity.
- 8x5 schedule.
- DoD 8570 compliance with CSSP Analyst baseline certification.
- Information Assurance Technical (IAT) Level I or Level II certification.
- Computing Environment (CE) certification. The CE certification requirement can be fulfilled with either a Microsoft OS or a CentOS/Red Hat OS CE certification.
- Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH) certificate or Certified Intrusion Analyst (GCIA) certificate.
- Splunk software training course "Fundamentals 1".