Phia IDS/IPS Nationwide Data Analyst in Arlington, Virginia
phia LLC is seeking a skilled Cyber Security Analyst to support a large Federal Security Operations Center (SOC) and its 24x7 SOC mission. This team focuses on Network Data & Forensics Analytics.
Perform technical analysis of network activity: the analyst monitors and evaluates network event data, signature-based IDS events, and full packet capture (PCAP) data.
Triage IDS alerts; collect related data from various network analysis systems, review available open- and closed-source information on related threats and vulnerabilities, and prepare initial summary reports.
Monitor and analyze signature-based IDS alerts and associated packet (PCAP) data
Analyze network flow data for anomalies and correlate reporting with enterprise-wide network activity
Document key event details and analytic findings in an incident management system
Provide oversight and assessment of incident response and triage actions across a large enterprise
Identify & extract network indicators from incident reporting and published technical advisories/bulletins
Perform incident correlation & escalation
Recommend new IDS signatures and detection strategies.
Produce final reports and review incident reports from other analysts.
Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.
Assess cyber indicators/observables and collaborate in the development of IDS signatures and detection mechanisms.
Monitor and report on trends and activity on network sensor platforms.
Provide technical assessments of cyber threats and vulnerabilities
Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise
Develop, maintain and update standard operating procedures
Provide routine status updates for ongoing projects, trouble tickets, incidents, and other related tasks
Maintain awareness of major events and trends in the cyber security landscape
Research and evaluate emerging capabilities
Ensure that all alerts are monitored, interpreted, analyzed, and investigated
Utilize external reporting tools for threat intelligence
Monitor all security-relevant logs and alerts for signs of compromise, attack, or system misuse and policy violations
Innovate new methods to use existing tools and data sources, and identify and obtain new data sources, to detect cyber intrusions
Write detailed incident reports
Collect incident and investigation metrics and trending data, identify key trends, and provide situational awareness on these trends
Monitor all-source threat reporting
Bachelor’s Degree in Cyber Security, Information Technology or a related discipline
9 or more years of relevant work experience
Working knowledge of network and/or security operation center (NOC/SOC)
Vulnerability analysis, audits, and management skills
Experience with product security vulnerability management, responsible disclosure, publishing CVEs, and experience working with security research community
Experience providing metrics and reports from a SIEM
Excellent written and oral communication skills
Must be a team player, proactive, and possess excellent problem solving and organizational skills
Experience managing IT systems
Experience with researching and fielding new and innovative technology
Demonstrated proficient knowledge of industry standards and best practices within Intrusion Detection
Active Top Secret Security clearance with ability to obtain a DHS background investigation (EOD)
Possession and demonstrated application of relevant certifications such as MCSE, CCNA, CISSP, ISC, SANS GIAC, PMP, etc.
Experience with using vulnerability assessment tools such as Tenable Security Center, Nessus, McAfee (Foundstone) Enterprise, AppDetective, dbProtect, Cenzic, or other web application/database vulnerability assessment tools
Experience with vulnerability audits and assessments
Experience with red team and/or pentesting assessments
Understanding of NIST/CNSS Risk Management processes, Controls Application/Test, Incident Response, Forensic and related guides
DODD 8570 Level II certification (SANS certifications, CISSP)
Experience leading and managing within SOC/NOC operations
Familiarity with Kill Chain for incident response
Familiarity with malware analysis
Familiarity with forensics
Familiarity with incident response products and best practices
Experience with database (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint)
Customer service experience
Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines
WORK SCHEDULE: Core Business Hours (Schedule is flexible but must be between the hours of 6AM-6PM M-F)
TELEWORK ELIGIBILITY: N/A
SECURITY REQUIREMENT: Active SSBI
phia LLC ("phia") is a Northern Virginia based, 8(a) certified small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration, which allow Cyber Operations to efficiently integrate with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.
phia offers excellent benefits for full-time W2 candidates to enhance work-life balance. These include the following:
Short Term & Long-Term Disability
401k Retirement Savings Plan with Company Match
Paid Time Off (PTO)
Tuition and Professional Development Assistance
Flex Spending Accounts (FSA)