Cyber Threat Analyst
Dragonfli Group
full-time
Posted on:
Location Type: Remote
Location: United States
Visit company websiteExplore more
Tech Stack
About the role
- Perform triage on security escalations and detections to determine scope, severity, and root cause; monitor cybersecurity events and investigate incidents efficiently.
- Identify, recommend, and implement automation use cases leveraging AI/ML capabilities to accelerate response times.
- Support the deployment, configuration, testing, and maintenance of the Security Orchestration, Automation, and Response (SOAR) platform, specifically focusing on SentinelOne and Splunk integrations.
- Create and modify detection rules, signatures, and alerts across SIEM and EDR platforms (Splunk and SentinelOne) to reduce false positives and enhance fidelity.
- Analyze alerts from Cloud, SIEM, EDR, and XDR tools; build and maintain comprehensive dashboards and perform complex queries to support decision-making.
- Perform vulnerability assessments of discovered CVEs against agency systems and analyze network traffic to provide actionable security recommendations.
- Apply security frameworks such as MITRE ATT&CK and NIST to interpret use cases into actionable monitoring solutions.
- Effectively communicate technical findings to non-technical audiences and influence stakeholders to comply with security standards and best practices.
Requirements
- 7+ years of experience with security operations, threat hunting, and incident response
- Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on SentinelOne, Armis, and Splunk.
- Experience in configuring network devices and analyzing network traffic
- Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
- Experience in researching, developing, and implementing SOAR use cases.
- Familiar with Security Orchestration, Automation, and Response (SOAR) platform
- Familiarity with cybersecurity operation center functions.
- Experience configuring and re-configuring security tools, including SentinelOne and Splunk.
- Experience implementing Security frameworks, such as MITRE ATT&CK and NIST, and can interpret use cases into actionable monitoring solutions.
- MUST have one or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.
- Strong working knowledge of: Develop, test and Implement dynamic Risk-Based Alerting (RBA) Identifying and developing RBA and identifying use cases for SOAR and AI/ML. Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendation for further tuning of these alerts when necessary. Analyze network traffic utilizing available tools and provide recommendations. Perform vulnerability assessments of recently discovered CVEs against USPS systems and network. Assist in the process of configuring or re-configuring the security tools. Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes. Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave. Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
Benefits
- Insurance – health, dental, and vision
- Paid Time Off (PTO) and 11 Federal Holidays
- 401(k) employer match
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
security operationsthreat huntingincident responsevulnerability assessmentsnetwork traffic analysisautomation use casesdynamic Risk-Based Alerting (RBA)detection rulessignaturesalerts tuning
Soft Skills
effective communicationinfluencing stakeholders
Certifications
CISSPCISACISMGIACRHCE