Gravity IT Resources
Job Title: CyberSecurity Analyst
Job Type: Direct Hire
Location: Hybrid in Boston, Washington DC, or Dayton OH
Work Authorization: US Citizen or Green Card Holder. Will not sponsor visas.
Referral Fee: +/-$2000
The Cyber Security Analyst supports the firm’s cyber threat analysis and detection efforts, boosting the firm’s ability to detect, prevent and respond to potential data breaches. Confirms proper operation of security infrastructure and supports proper incident response. Leverages third party intelligence to detect events of interest. Assists with the development and utilization of information security controls including encryption, web gateways, endpoint controls, intrusion detection and prevention, anti-malware, and content monitoring.
About This Role
- Monitors and analyzes alerts, notifications, events, and log entries from a variety of sources, including security information and event management (SIEM) systems, endpoint detection and response (EDR) tools, and managed security service providers, and correlates incident data to identify specific vulnerabilities and appropriate remediations.
- Perform root cause analysis to identify security control gaps and develop effective prevention and detection strategies.
- Develop, document, and uphold procedures, practices, and policies for effective threat analysis and response.
- Conduct proactive analysis of internal activity trends, identifying and prioritizing missing or ineffective detection capabilities.
- Support security incident investigations using data analytics and digital forensics methodologies.
- Actively supports application of cyber security policy and participates in incident response by assisting in cyber defense incident triage, including deciding scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
- Work closely with internal teams and systems owners to refine incident and event management processes, assess vulnerabilities, and recommend measures for detecting anomalous behavior.
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and establish which security issues may have an impact on the enterprise.
- Performs scripting and information analysis in general support of firm technology infrastructure.
- Perform cyber defense trend analysis and reporting.
- Assumes additional responsibilities as assigned.
Your Qualifications / What You Will Bring
- Knowledge and intuition related to effective cyber threat response, including proven threat hunting prowess.
- Ability to function as part of a cyber threat response team, with coordination of efforts between groups.
- Experience with the use and development of a security incident and event management system (SIEM), DLP solutions, UEBA tools, and host/network forensic solutions
- Familiarity with risk scoring, threat analysis, and threat modeling
- Experience with MITRE ATT&CK/D3FEND framework
- Experience with Windows Active Directory (AD) and Azure AD security monitoring
- Knowledge of security issues, techniques, and implications across all existing computer platforms required.
- Good work ethic; excellent use of discretion and judgment. Good written communication skills.
- Analytical thinking
- Able to break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
- Makes logical conclusions, anticipates obstacles, and considers different approaches that are relevant to the decision-making process.
- Effectively meet challenges, influence, and drive consensus within the team.
- Strong interpersonal and written communication skills.
- Demonstrated problem solving abilities, analytical skills, and demonstrable ability to meet challenging deadlines required.
- Bachelor’s degree in computer science, information security, or related field; or equivalent work experience.
- Security certification preferred (CISSP, CEH, CompTIA Security+).
- 2-5 or more years of work experience supporting information security in a large and complex environment with significant log analysis work; or other equivalent combination of education and experience that provides the required knowledge and skills.