Splunk Cyber Threat Analyst - Remote (Local to Washington D.C.)

Motion Recruitment
Arlington, Virginia, United States
$115K-$125K a year
Remote
Full-time

Splunk Cyber Threat Analyst

This position is for a Cyber Threat Analyst for an organization that specializes in analyzing and producing advanced cybersecurity and threat intelligence.

Responsibilities include identifying and assessing threats and potential threats to the customer's personnel, information, and information systems.

The role involves providing timely and relevant intelligence to assist in mitigating cyber threats, supporting the evaluation, implementation, and operation of advanced analysis tools and technologies, and developing and supporting the Cyber Insider Threat Program.

The company is located in the Washington D.C. Metro area and will remain 100% remote, but the candidate must be local to the area.

What You Will Be Doing:

  • Support the customer's comprehensive cyber threat analysis efforts.
  • Serve as the liaison between the Splunk Engineering team and SOC operations teams to configure the Splunk Data Lake for optimal SOC functionality.
  • Create executive-level dashboards summarizing cyber status or risk level per Splunk, based on criteria published by FISMA and other Government organizations.
  • Produce metrics and trendlines for threat activity and provide in-product security research on existing and emerging threats.
  • Support the use of machine learning for event correlation and proactive cyber response capabilities.
  • Research, analyze, and draft documents such as use case requirements, system change documents, and process documents / workflows.
  • Ensure documentation is accurate, complete, and adheres to quality, editorial, and government standards.
  • Develop content including presentations, bulletins, white papers, memos, policies, briefings, and other products appropriate for the intended audience.
  • Collaborate with analysts and engineers to acquire subject knowledge.
  • Assist in coordinating projects from the planning stage, provide additional or missing materials, and edit for content format, flow, and integrity.
  • Perform Cyber Threat Assessment and Remediation Analysis within the context of SIEM configuration requirements.
  • Process, organize, and analyze incident indicators retrieved from the client environment and correlate these indicators with various intelligence data.
  • Coordinate with internal teams and assist in the creation of engagement deliverables for activities such as Insider Threats, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts supporting testing, monitoring, and protecting the enterprise.
  • Investigate network and host detection and monitoring systems to advise on engagement processes.
  • Develop core threat intelligence capabilities and subject matter expertise.
  • Develop and execute bash and python scripts to process discrete log files, extract specific incident indicators, and develop tools to aid in Tier 1 and Tier 2 functions.

Required Skills & Experience:

  • Bachelor’s degree in Computer Science, Information Systems, Mathematics, Engineering, or a related field, or an additional two (2) years of relevant experience.
  • Experience in cyber threat intelligence or intelligence analysis.
  • Cybersecurity certifications preferred but not required.
  • Strong organizational, verbal, presentation, and written communication skills. Comfortable presenting briefings to clients.
  • Proficient in using Splunk for SOC operations support.
  • Skilled in assessing SIEM data for search and visualization capabilities.
  • Demonstrated proficiency in Incident Response Process, SOC operations, and threat hunting.
  • Good understanding of system log information and data collection for Incident Events.
  • Operational knowledge of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS / IPS, proxy, WAF) and Windows and Unix / Linux systems.
  • Experienced in log analysis and reporting.
  • Skilled in creating and tracking investigations to resolution.
  • Experience with Endpoint security solutions such as Windows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools.
  • Understanding of compliance or regulatory frameworks (e.g., FISMA, NIST, ISO).
  • Solid understanding of application, authentication, network security principles, and operating system hardening techniques.
  • General knowledge of cyber-attack frameworks (MITRE ATT&CK, Lockheed Cyber Kill Chain).
  • Understanding of Computer Network Defense (CND) policies, procedures, and regulations.
  • Experienced in SIEM monitoring and analysis, network traffic analysis, log analysis, and differentiating between potential intrusion attempts and false alarms.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.

This position doesn’t provide sponsorship.

30+ days ago