Cyber Threat Analyst III

Cyber Threat Analyst III - Remote

Key Responsibilities
* Responsible for performing triage on all security escalations and detections to determine scope, severity, and root cause.
* Monitor cyber security events, detecting incidents, and investigating incidents.
* Identify, recommend strategies, develop, and implement automation use cases leveraging AI/ML capabilities.

* Support deploying, configuring, testing, and maintaining Security Orchestration, Automation, and Response (SOAR) platform, and tools integrated with AI/ML capabilities to enhance threat detection, analysis and response.
* Provide support to contract Program Manager, as necessary.
* Effectively communicates technical information to non-technical audiences.
* Influence others to comply with policies and conform to standards and best practices.

Qualification Requirements
* MUST have one or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.

* 7+ years of experience with security operations, threat hunting, and incident response
* Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on SentinelOne, Armis, and Splunk.
* Experience in configuring network devices and analyzing network traffic
* Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
* Experience in researching, developing, and implementing SOAR use cases.
* Familiar with Security Orchestration, Automation, and Response (SOAR) platform
* Familiarity with cybersecurity operation center functions.
* Experience configuring and re-configuring security tools, including SenintelOne and Splunk.
* Experience implementing Security frameworks, such as MITRE ATT&CK and NIST, and can interpret use cases into actionable monitoring solutions.

Strong working knowledge of
* Develop, test and Implement dynamic Risk-Based Alerting (RBA)
* Identifying and developing RBA and identifying use cases for SOAR and AI/ML.
* Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendation for further tuning of these alerts when necessary.
* Analyze network traffic utilizing available tools and provide recommendations
* Perform vulnerability assessments of recently discovered CVEs against USPS systems and network.
* Assist in the process of configuring or re-configuring the security tools.
* Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
* Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
* Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements

Education/Overall experience
* A minimum of eight (8) to twelve (12) years' relevant experience.
* A degree from an accredited College/University in the applicable field of servicesis required.If the individual's degree is not in the applicable field then four additional years of related experience is required.

Additional Provisions
* Pass a client mandated clearance process to include drug screening, criminal history check and credit check.
* Once candidate's resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
* If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
* All candidates must be a US Citizen or permanent status Green Card holder.
* Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)
* All overtime must be pre-approved in writing by the client manager or his/her designated representative.
* Agency will not be reimbursed for overtime charges without previous written authorization. Authorized overtime will be reimbursed at straight time.
* The enforced dress code is business casual, i.e., collared shirt with slacks for men, no skirts above the knee for women.