
Attack Sensing & Warning Analyst (AS&W Analyst)

Job in Ashburn, Loudoun County, Virginia, 22011, USA
Listing for: Leidos Inc
Full Time position
Listed on 2026-05-03
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 USD yearly
Job Description & How to Apply Below
Position: R-00173461 Attack Sensing & Warning Analyst (AS&W Analyst)

Description

The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a U.S. Government program responsible for preventing, identifying, containing, and eradicating cyber threats to CBP networks through monitoring, intrusion detection, and protective security services to CBP information systems including LAN/WAN, commercial Internet connection, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected or confirmed security violations.

Primary Responsibilities
  • Utilize state-of-the-art technologies such as Endpoint Detection & Response (EDR), log analysis (Splunk), and occasionally network forensics (full packet capture) to investigate activity and examine endpoint and network-based data.
  • Monitor alerting channels for multiple endpoint and network tools for alerts of various criticalities and escalate alerts according to defined processes, procedures, and playbooks.
  • Triage alerts to determine the nature of activity occurring on customer networks, systems, servers, and mobile devices.
  • Conduct log analysis from multiple avenues and tools to triage activity in support of incident response.
  • Recognize attacker and APT activity, tactics, and procedures and aggregate indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response.
  • Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
  • Lead Incident Response activities and mentor junior SOC staff.
  • Create daily, weekly, and monthly reports for dissemination to customer leadership emphasizing attention to detail and accurate capturing of relevant, timely data for briefings.
  • Succinctly and accurately capture technical details and summarize findings for less technical audiences.
  • Work with key stakeholders to implement remediation plans in response to incidents.
  • Effectively investigate and identify root-cause findings, then communicate findings to stakeholders including technical staff and leadership.
  • Apply strong problem-solving abilities with an analytic and qualitative mindset.
  • Effectively communicate with customer leadership and disseminate timely updates of critical incidents with emphasis on detail and accurate reporting.
  • Shift schedule: 7 am-7 pm, Sun-Tues, every other Wednesday.
Basic Qualifications
  • Bachelor's degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 2, 4, or 8 years of professional experience (depending on level). Additional years of experience are accepted in lieu of a degree.
  • 5 years of professional experience (or a Bachelor's Degree and 3 years of professional experience) in incident detection, response, and remediation.
  • Minimum 3 years (5 preferred) of specialized experience in one or more of the following areas: email security, digital media forensics, monitoring and detection, incident response, vulnerability assessment and penetration testing, cyber intelligence analysis.
  • Extensive experience analyzing and synthesizing information with other relevant data sources, providing guidance and mentorship to others in cyber threat analysis and operations.
  • Ability to collaborate with technical staff and customers to identify, assess, and resolve complex security problems or risks and facilitate resolution and risk mitigation.
  • Stay up to date with the latest threat intelligence, security trends, tools, and capabilities.
  • Strong problem-solving abilities with an analytic and qualitative eye.
  • Independently prioritize and complete multiple tasks with little or no supervision.
Preferred Qualifications
  • Ability to coordinate and communicate well with team leads and government personnel.
  • Experience with detection engineering efforts to tune alerts, signatures, and tools to reduce false positives.
  • Experience in cyber government, and/or federal law enforcement.
  • Experience with the Cyber Kill Chain and MITRE ATT&CK framework.
  • Ability to formulate and create new processes, metrics,…