Senior Cyber Intrusion Detection Analyst

Overview

A Senior Cyber Intrusion Detection Analyst is needed to provide advanced incident response and monitoring support. This is a hybrid position based in Washington, D.C., covering 5th shift work (7am7pm Saturday & Sunday, Friday 11pm7am, and Tuesday 7am3pm).

Responsibilities

• Respond to cyber incidents, including SOC incident response calls and emails.

• Serve as Subject Matter Expert (SME) in investigations escalated from SOC Tier I & II analysts.

• Investigate phishing attempts and other potential cyber threats.

• Collaborate with SOC federal staff and Incident Handlers to triage, contain, and remediate incidents.

• Participate in Splunk engineer working groups to improve alerting rules and reduce false positives.

• Work closely with Threat Hunt and Security Intelligence teams to strengthen SOC capabilities.

• Follow established incident response procedures, while identifying process improvement opportunities.

• Manage incidents involving enterprise systems and sensitive data, including PII breaches.

• Detect, collect, analyze, and report cybersecurity incidents.

• Investigate and remediate malware infections.

• Analyze a variety of logs and alerts (firewall, IDS, malware, HIPS, PCAP, proxy, Windows/Active Directory, etc.) to identify anomalous activity and document findings.

• Conduct advanced log and malicious code reviews to support containment and recovery.

• Assist with cybersecurity workforce development by reviewing tickets and annotations.

Required Qualifications

• Bachelors degree with 8+ years of cybersecurity experience (or equivalent).

• At least 6 years of intrusion detection examination experience.

• Experience with a wide range of security technologies and logging data, including WANs, IPS/IDS/HIPS, web logs, raw data logs, and event reviews.

• Strong knowledge of Splunk SIEM with 3+ years of advanced analytics experience (queries, Grep skills, firewall ACL review, Snort IDS events, PCAPs, and web server logs).

• Strong written and verbal communication skills.

• One or more advanced certifications, such as:

  • CERT Certified Computer Security Incident Handler

  • CEH (Certified Ethical Hacker)

  • CISSP

  • GCIH (Certified Incident Handler)

  • GISF (Information Security Fundamentals)

Clearance

• Must be able to obtain and maintain a Public Trust clearance.