Cyber Defense Analyst

We are seeking a motivated, career and customer-oriented Cyber Defense Analyst to join our team supporting USAFA. The Cyber Defense Analyst supports the client by engineering, developing, deploying, and maintaining the organization's security information and event management (SIEM) implementation and its applications, integration, apps, and interfaces. The candidate will possess mastery of the SIEM tool, with technical expertise including hands-on solution development and implementation experience, and analytical skills for evaluating and optimizing capabilities of securing application solutions. The candidate will also perform incident response activities and ensure that proper protection or corrective measures have been taken when an incident has been discovered. The candidate will be a critical team member with proven leadership, communication, critical thinking, problem solving, organizational and interpersonal skills. The candidate must have the ability to multitask and solve complex technical problems.

• Implement, optimize, and maintain the SIEM infrastructure, and deploy products, apps, reports, alerts, and dashboards utilizing business best practices and methodologies
• Develop, maintain, and optimize installation of internal and external SIEM components
• Increase the efficiency of the infrastructure to connect more enterprise data sources to the SIEM application and associated add-on components
• Oversee the optimization, operation, and health of SIEM components and connections to data sources
• Manage events in multiple systems, applications, and other priorities by exercising multi-tasking skills and critical thinking
• Implement industry best practices and innovative ideas leading to continuous improvement of the environment
• Analyze events using data collected from a variety of cyber tools (including intrusion detection system alerts, firewall and network traffic logs, and host system logs)
• Provision, patch, tune, and monitor SIEM application
• Improve automation and SIEM/Incident Response processes
• Test the accuracy of the alarms; conduct long-term analysis of triggered alerts
• Ability to understand all SIEM inputs/data sources
• Establish and control the efficient interaction of the various cloud-based security analytics systems
• In-depth analyses of all security data must be defined and implemented
• Automate response activities must be planned and implemented
• Update and maintain documentation including the Incident Response Plan
• Investigate and analyze all response activities related to cyber incidents
• Test, implement, deploy, configure, and maintain data loss prevention (DLP) services
• Draft, review, and update DLP plans and policies as needed
• Work in conjunction with the team to enhance response capabilities through development of playbooks, deployment of technology, or assisting with automation efforts

Required Qualifications:

• 8-10 years of related experience
• Experience designing, implementing, and maintaining SIEMs (e.g., Splunk or Microsoft Sentinel)
• Experience optimizing applications to reduce impact on resources
• Experience with SIEM administration, configuration, tuning large environments
• Experience with the Incident Response Life Cycle (NIST SP 800-61)
• Experience with DLP tools (i.e., Microsoft Purview)
• DoD 8140 (DoD 8570) IAT II & Cyber Defense Analyst certifications
• Secret security clearance
• Must be a US citizen

Desired Qualifications:

• Bachelors in Computer Science, Cybersecurity, Information Systems or similar degree/experience
• Advanced Cyber Defense Analyst certifications (GCFA or GCIA)
• Expert SIEM application and dashboard developer using complex data searches
• Firm understanding of data flows and interconnections between multiple systems within the network environment
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
• Skilled in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
• Ability to focus research efforts to meet the customer's decision-making needs

VTG's estimated starting pay range is $110,000-$130,000, which is a general guideline for the geographic location. When extending an offer, VTG also considers work experience, education, skill level, market considerations and may possibly include contractual requirements which may cause an offer to fall outside of this range.