Threat Intelligence at Openkyber Maryland

Cyber Threat Intel Analyst (W2 Position)
Duties and Responsibilities

Conduct all-source analysis, digital forensics, and targeted research to identify, monitor, assess, and counter the threat posed by criminal cyber actors. Utilize threat intelligence platforms and tools to mitigate potential threats to users, networks, and data. Respond to computer security incidents in compliance with Information Security Policies and Industry Best Practices. Coordinate the efforts of and provide timely updates to multiple sectors and business units during incident response.

Additionally, provide security-related recommendations to the team as threat events unfold. Provide information and assessments for the purposes of informing leadership and users/customers. Perform network security analysis in support of Intrusion Detection operations including the development and enrichment of indicators used to enhance the network security posture. Contribute to a team of information security professionals analyzing threat data, writing reports, briefing event details to leadership, and coordinating remediation activities across multiple State agencies.

Ensure technical security improvements are effective and maintained within configuration management structures. Ensure technology employed by the Security Monitoring Team compliments operational processes. On occasion, provide extended shift coverage with minimal travel required.

Monitor various information security related platforms and forums including Recorded Future, Anomali Threat Stream, SANS Internet Storm Center, Krebs on Security, and other forums and mailing lists to stay up to date on current network threats, attack methodologies and trends. Analyze the potential impact of new threats and exploits and communicate risks to relevant leadership and business units. Monitor the State of Maryland networks to find anomalous or malicious activity using various analytical methods and Security Event and Incident Monitoring tools in a fast-paced operational environment.

Bachelor's Degree in Computer Science/Computer Engineering, Information/Network Security, Cybersecurity, or related field with 5-7 years of related work experience; OR equivalent experience in lieu of degree.

• Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
• Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
• Coursework and previous experience directly related to Cyber Operations environment.
• Experience with Splunk, Service Now, Recorded Future, Anomali Threat Stream, and other cybersecurity tools as required.
• Ability to work in a team environment and take initiative to understand and master new operating systems, security applications and open-source tools.
• Knowledge of Windows and Linux operating systems, common applications, detecting malicious code and methods of infection.
• Knowledge of information systems security concepts and technologies; network architecture and tools; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and open-source alternatives.
• Knowledge of fundamental cyber operations concepts, terminology, principles, capabilities, limitations, and effects.
• Knowledge of common computer/network infections and methods of infection.
• Knowledge of the basics of network security, such as encryption, firewalls, authentication, honey pots, perimeter protection.

• At least one certification from the CSSP Incident Responder Category (CEH, CFR, CCNA Cyber Ops, CCNA‑Security, CHFI, CySA+, GCFA, GCIH, SCYBER, Pen Test+).