OVERVIEW
Carter-Lambert Divisions is actively seeking Cybersecurity Insider Threat Analysts to join our Department of Veteran Affairs team in support of the Office Information Security (OIS) Cybersecurity Operations Center (CSOC)
Multiple work locations available, including - Hines, IL; Martinsburg, WV; Washington, DC
1st Shift Available
Job Duties
• Monitor for and investigate insider threat activity in a large federal agency
• Capture and document discovered threat activity in reports to be sent to cross organization leadership
• Develop custom searches using a wide array of network and host-based security toolsets (Splunk, QRadar, Microsoft Defender etc.)
• Review and analyze log files from various sources such as SIEM, EDR, packet captures, and host logs to report any unusual or suspect activities
• Provide targeted detection and analysis, including the development of custom signatures and log queries and analytics for the identification of insider threats
• Monitor User Activity Monitoring (UAM) and User Entity Behavioral Analytics (UEBA) tools
• Determine scope of intrusion and recommend remediation activities to secure the source or initial point of access of intrusion
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
• Coordinate with enterprise-wide cyber defense staff to validate network alerts
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed threat
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
• Monitor external data sources (cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain awareness of cyber defense threat conditions and determine which security issues may have an impact on the enterprise
• Provide recommendations and custom solutions to counter insider threat activity
• Provide technical summary of findings in accordance with established reporting procedures
• Identify insider threat use-cases for automation using a security orchestration and automation product
• Assist with drafting, updating, and modernizing SOPs and guidelines as needed
• Potential travel limited to about 5%, if needed
Qualifications
Required Education and Experience:
• Bachelor's degree in technology-related field - equivalent experience may be considered in lieu of a degree
• Must possess a minimum of three years’ experience performing in Insider Threat Analysis
• Must be proficient with Splunk Query Language
• Experience with common threat hunting solutions including Splunk, packet analysis (Wireshark), NetFlow, QRadar or other SIEMs
• An understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies
• Understanding of NIST SP 800-61, US-CERT, and Office of Management and Budget (OMB) standards
• Knowledge of and ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of and ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
• Knowledge of cyber attackers (script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
• Ability to develop content for cyber defense tools
• Ability to write insider threat reports to both technical and non-technical audiences; reports are evaluated for quality and clarity
• Scripting experience, such as Python and PowerShell are a plus
• Relevant certifications and training such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Examiner (GCFE), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Network Forensic Analyst (GNFA), GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware (GREM), Certified Information Systems Security Specialist (CISSP), and Splunk Core Certified Power User are a plus
• Remedy ticketing system experience
• ServiceNow ticketing experience
Other Experience:
• Excellent analytical and problem-solving skills
• Ability to function in multiple capacities and adapt as required
• Strong verbal and written communication skills
• Strong time management skills with attention to detail
• Strong critical thinking skills
• Strong interpersonal and collaborative skills, with the ability to work in a team environment
• Ability to communicate effectively to both technical and non-technical audiences
Benefits
Carter-Lambert Divisions attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:
About Carter-Lambert
Carter-Lambert Divisions offers a mission-focused solutions to clients-facing highly complex IT, digital, cyber security, Logistical, and Construction challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate that applies to Carter-Lambert Divisions brings a unique prospective to the team, and because our diverse teams, we consistently meet our goals and exceed client expectations. If you consider yourself to be a highly motivated person with a willingness to learn, we invite you to apply today to join our team!
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.
Physical Address: 3825 Leonardtown Rd. Suite 1B
Waldorf, MD. 20601
Office: 240-585-5853
Voice & Fax: 888-309-5067
Email: carterlambert@carterlambert.com