View all jobs

SME – Insider Threat Analysis

Columbia, MD
Why Work at SI?
Secure Innovations (SI) successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber!  Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."

SI was built on the principle that people matter first and foremost, and believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth.  We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.

Education and Clearance Requirements:
  • BS & 12 yrs
  • Must have required clearance level
  • Subject matter expert performing insider-threat hunting operations in support of the customer’s networks and systems. 
Day to day activities may include expertise in the following:
  • Discover and characterize network and platform anomalies to include cross domain violations and submit findings to the Reporting Team Lead for analysis and report generation
  • Monitor, identify and analyze anomalous network activities on various networks
  • Conduct multi-source threat analyses to examine host behaviors and network traffic for high priority malicious attacks, anomalous traffic, or other incidents of interest, as well as generate reports as appropriate
  • Integrate Cyber Threat Intelligence to inform customer on newly discovered threats and vulnerabilities associated with the technologies used in the enterprise for the purpose of developing hunt analytics. Any shareable vulnerability information will be made available for traditional tipping and alerting to the broader customer base
  • Monitor adversarial capabilities, exploits, vulnerabilities, mitigation techniques, and best practices information and guidance through all-source research
  • Identify areas for deeper dive analysis of threat and vulnerabilities
  • Examine network topologies to understand data flows through networks and provide mechanisms to tip countermeasures
  • Employ analysis and tools to discover new threat actors
  • Implement the applicable reporting guidelines outlined in applicable directives and guidance
  • Conduct research/planning for strategy development in response to real-time operational requirements
  • Identify and document gaps in all data (e.g., netflow, syslog, etc.) that affect the customer mission in order to determine how to better posture mission capabilities
  • Develop, document and synchronize the recommendations and the tasking of signature and rule sets across ail sensors e.g., IDS, FW, etc. used by the customer
  • Knowledge of systems configuration and management of firewalls, IDS, servers and work stations
  • Experience with Red Team and/or Penetration Testing
  • Knowledge of incident categories, incident responses, and timelines for responses
  • Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data
  • Demonstrated experience supporting external investigations
  • Familiarity with software development and network operations concepts and methodologies
  • Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools such as EnCase and open source alternatives
  • Experience with the Windows and Linux operating systems
  • Experience with investigating malicious code
  • Experience with scripting (Powershell, Python, Java)
Nice to Haves
  • Tier III Analyst experience, Network Analytics, Incident Investigations, Reverse Engineering and Malware Analysis, Task Prioritization
  • Strong comfort level with IPv4, TCP/IP, and RFC data, low level networking and protocols, TCP/UDP Ports for Apps, and understanding of what is normal/abnormal endpoint and on-wire activity
  • Experience in Cloud Environment using cloud analytics and PIG scripts/jobs to present data and using the Hadoop Distributed File System
  • Use of SIEMs or scripting to pull data into usable formats. Notification sources are Antivirus, HIDS, NIDS, IPS, and Firewalls
  • Experience with Wireless and SCADA are a plus
  • Ability to work extremely well under pressure while maintaining a professional image and approach
  • Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
Secure Innovations, LLC. (SI) is a Service Disabled Veteran Owned Small Business, headquartered in Columbia, Maryland. We are a growing company that specializes in modernizing and operating reliable IT systems by harnessing emerging technologies with proven innovations. Our capabilities include a full range of IT engineering, cyber security, IT strategic planning, IT operations, program management, software/application development, and IT communications implementation.
Secure Innovations, LLC. is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class.

Share This Job

Powered by