A.C.Coy Company

Cyber Threat Analyst

A.C.Coy Company

contract

Posted on:

Location Type: Hybrid

Location: Falls ChurchVirginiaUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

SeniorLead

Tech Stack

CloudCyber SecurityLinuxSplunkUnix

About the role

  • Responsible for performing triage on all security escalations and detections to determine scope, severity, and root cause.
  • Monitor cyber security events, detecting incidents, and investigating incidents.
  • Identify, recommend strategies, develop, and implement automation use cases leveraging AI/ML capabilities.
  • Support deploying, configuring, testing, and maintaining Security Orchestration, Automation, and Response (SOAR) platform, and tools integrated with AI/ML capabilities to enhance threat detection, analysis and response.
  • Develop, test and Implement dynamic Risk-Based Alerting (RBA).
  • Identify and develop RBA and identifying use cases for SOAR and AI/ML.
  • Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendation for further tuning of these alerts when necessary.
  • Analyze network traffic utilizing available tools and provide recommendations.
  • Perform vulnerability assessments of recently discovered CVEs against internal systems and network.
  • Assist in the process of configuring or re-configuring the security tools.
  • Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
  • Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
  • Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
  • Provide support to contract Program Manager, as necessary.
  • Effectively communicates technical information to non-technical audiences.
  • Influence others to comply with policies and conform to standards and best practices.

Requirements

  • Bachelor's or Master's Degree in Computer Science, Information Systems, or other related fields.
  • 8+ years of experience with security operations, threat hunting, and incident response.
  • Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on SentinelOne, Armis, and Splunk.
  • Experience in configuring network devices and analyzing network traffic.
  • Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
  • Experience in researching, developing, and implementing SOAR use cases.
  • Familiarity with Security Orchestration, Automation, and Response (SOAR) platform.
  • Familiarity with cybersecurity operation center functions.
  • Experience configuring and re-configuring security tools, including SentinelOne and Splunk.
  • Experience implementing Security frameworks, such as MITRE ATT&CK and NIST, and can interpret use cases into actionable monitoring solutions.
  • CERTIFICATIONS (One or more required): CISSP or CISA or CISM or GIAC or RHCE.
  • Excellent oral and written communication skills.
Benefits
  • 📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security operationsthreat huntingincident responsevulnerability assessmentsnetwork traffic analysisautomation use casesdynamic Risk-Based Alertingsignature constructionalert tuningcompliance testing
Soft Skills
effective communicationinfluencetechnical information presentation
Certifications
CISSPCISACISMGIACRHCE