Cyber Security Incident Analyst
Jersey City – NJ
Posted 4 years ago
Position: Cyber Security Incident Analyst
Location: Jersey City, NJ
Duration: 6 Months Contract
Travel: Domestically and Internationally
As a member of the Cyber Threat Intelligence Team, the Threat Hunter will be part of a team that plays a critical role in the continuous monitoring of cyber attacks. The successful candidate will be responsible for hunting through large data sets to detect advanced threats that evade the detection capabilities of traditional controls.
The candidate should be able to travel domestically and/or internationally, provide out-of-hours on-call support for issues requiring escalation, and may be required to provide ad-hoc shift support on occasion.
- Detect patterns within large data sets that match the tactics, techniques and procedures of known threat actors, advanced malware and unusual behaviors.
- Leverage the MITRE ATT&CK threat model to quantify our security risk against known adversary behaviors and develop analytics (dashboards, reports, and alerts) to detect the identified behaviors.
- Collaborate with the Cyber Threat Intelligence and Incident Response teams to build threat profiles of adversary groups.
- Provide subject matter expertise and technical support to Tier 1 Incident Handlers and Tier 2 Incident Handlers.
- Assist in the construction of signatures which can be implemented on security controls in response to new or observed threats.
- Confer with incident handlers, security analysts, engineers, programmers, and others to design applications that support incident response and monitoring functions.
- Provide expert analytic investigative support for large-scale and complex security incidents.
- Conduct dynamic and static malware analysis on samples obtained during incident handling or hunt operations in order to identify IOCs.
- Ability to identify hidden patterns or relationships within large and unrelated data sets.
- Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- Experience with Security Information and Event Management (SIEM) solutions (e.g. SA, Envision, Splunk ES) and EDR tool suites (e.g. Carbon Black, Tanium).
- Skill in parsing large data files, automating manual tasks, and fetching/processing remote data.
- Skill in writing scripts (e.g., R, Python, PIG, HIVE, SQL) and using data analysis tools (e.g., Excel, SAS, SPSS).
- Ability to use data visualization tools (e.g., Flare, HighCharts, AmCharts, D3.js, Processing, Google Visualization API, Tableau, Raphael.js).
- Skill in performing packet-level analysis using appropriate tools (e.g., Netwitness, Wireshark, tcpdump).
- Skill in static and dynamic analysis of malicious code.
- 5 to 10 years’ experience working within a CSIRT or SOC team is preferred.
- Industry certifications such as GCIH, GREM, GCFA, GCFE, and GMON are desirable.