Network-Based SECURITY Analyst
Bluestone Analytics has an immediate opening for a Network-Based Security Analyst to support the customer team. The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations.
Job Description - Location: Arlington, VA
Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify possible threats to network security.
Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use discovered data to enable mitigation of potential CND hunts and incidents.
Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information.
Identify and document network based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
Track and document CND incidents from initial detection through final resolution.
Perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.
Create and disseminate technical reports in response to conducted analysis.
Assist with writing CND guidance and reports on incident findings to appropriate constituencies.
Assist with developing and maintaining SOPs.
Participate in inter-agency sponsored community of interest analysis groups, participate in technical briefings and exchanges.
Serve as technical expert and liaison to leadership, NCCIC, the IC, and law enforcement personnel explaining incident details as required.
Manual review network device configurations for suspicious configurations or signs of compromise.
Assess network topology and network device configurations identifying critical security concerns and providing network security best practice recommendations to identify critical security concerns from an architecture perspective (e.g., external internet traffic bypassing firewall boundary) and a network device configuration perspective (e.g., default administrator account on a network device).
Collect network device integrity data, utilizing specialized tools, to detect unauthorized access (login access, configuration changes, interface changes, physical access, unscheduled reboots, blocked attempts, downgraded encryption, etc.).
Collect network device integrity data, utilizing specialized tools, to detect software modifications (file verification, online/offline hash, published hashed, memory verification, firmware verification, rootkit detection).
Collect network device integrity data, utilizing specialized tools, to detect hardware modifications (operating statistics, network traffic analysis).
Support network device integrity analysis on multi-vendor products (e.g., Cisco, Juniper, HP, Dell, etc.).
Assist with maintaining the readiness of all fly-away kits, storage media and forensic VM analyst images.
Divert/deploy teams of Contractor resources to provide on-site support and assistance in the event of an exercise or cyber incident.
Demonstrated to advanced operational experience as an Incident Manager
Experience in providing leadership and vision in incident handling, response, and analysis.
Must be hands-on and have intimate knowledge and experience in cybersecurity, incident response, and analysis; digital forensics; security vulnerabilities/weaknesses and related attacks; network security issues and encryption technologies; management of lab environments to include flyaway kits.
Demonstrated to advanced experience of current threats, vulnerabilities, and attack trends
Critical thinking and problem solving skills
Demonstrated to advanced experience working directly with customers to transfer Threat Hunting knowledge
Good time management and written and oral communications skills
This position requires a Bachelor’s degree in a related discipline with a minimum of six (6) years directly-related experience. Equivalent years of directly-related experience may be considered in lieu of educational requirements.
About Bluestone Analytics
Bluestone Analytics is a veteran-owned cybersecurity technology and consulting firm based in Charlottesville, Virginia. Our diverse team of innovative security professionals are passionate about defending data and solving today’s complex cybersecurity challenges. We pride ourselves on a fun, flexible, and collaborative work environment and offer competitive compensation and benefits.
To apply, email your cover letter and resume to email@example.com and reference "Network-Based Systems Analyst" in the subject line. Bluestone Analytics is a veteran-owned small business and we highly encourage US military veterans to apply to our job openings.