The Role

The Lead Cyber Threat Security Analyst position in the Federal Security Operation Center (SOC) organization will have the task of leading the Federal SOC Incident Response Team. The position will have two main responsibilities:

• This position will be in a leadership role in the Federal SOC Incident Response Team in a 24x7x365 environment operation in a minimum of two SOC locations. This capability does not exist today, and the role will be responsible for standing up the new capability. At a high level, the Federal Incident Response Team will be responsible for operation, maintenance, and monitoring of Security Events for Federal customers and internal Federal Service Enclaves. This role performs security event management functions - monitoring, detection, triage of security events and alerts in Security Information Event Management (SIEM) and associated monitoring systems.
• The position will be responsible for establishing technical processes and tools focused on Incident Response and Threat Hunting. This includes developing a training and certification framework enabling the success of Federal Incident Response Team individual contributors.
  

The Main Responsibilities

• Support and enhance Lumen's abilities to detect and respond to security incidents including internal events, targeted attacks, and all other cyber incidents
• Actively hunt the enterprise for insecure, suspicious, or malicious activity.
• Update and maintain response guides for accuracy.
• Remediate and document information security incidents not limited to dashboard (Advanced Threat Appliance & SIEM) alerts, tickets, emails, or phone calls.
• Ensure infrastructure, event feeds, event processing, and asset intelligence are available and operating effectively.
• Discover, implement, and automate of “Indicators of Compromise” in order to detect intrusions, and significantly lower time to response
• Implement MITRE ATT&CK or Kill Chain Framework.
• Facilitate the coordinated response to an intrusion, minimize the impact of the threat, return the integrity of customer assets and network as quickly as possible.
• Lead significant incidents as needed or assigned.
• Research and understand initial threat vectors and create protection mechanisms to prevent threat recurrences.
• Recommend security best practices and system configuration standards.
• Facilitate and lead Federal customer incident response calls; provide presentations, documentation and reports to Federal customers and senior management.
• Represent Lumen on customer Incident Response meetings.
• Analyze malware, data leak, web filters, application controls, DDoS, network indicators, and call back channels, and design and implement detection mechanisms.
• Identify new technology to be reviewed by the Incident Response Team.
• Maintain both internal and customer facing incident documentation, participate in post-mortems, and write incident reports.
• Support Incident Response Team by managing projects that have high visibility by management.
• Identify and mitigate real-time attacks through the leveraging of multiple sourced, correlated data such as host and network-based IDS/IPS data, forensic data, and antivirus. This could include signature, flow, anomaly, and full packet capture analysis.
• Maintain an expert knowledge of modern hacker tools, methodology, and attack trends.
• Act as POC Incident Commander for all Zero Day Security Incidents.
• Perform an on-call shift rotation.
• Demonstrate effective communication skills, both verbal and written.

What We Look For in a Candidate

Minimum Qualifications:

• Undergraduate degree in Computer Science Engineering, related field, or equivalent experience.
• 5+ years of relevant work experience in incident response, computer forensics security, risk assessments, application security and network security.
• An active security clearance or the ability to obtain one is required for this role.
• Strong work ethic, demonstrated self-starter, ability to work in a fast paced, team-oriented environment with excellent verbal and written and communication skills.
• Excellent understanding of common computing attack vectors and computer systems vulnerabilities.
• Considered expert in one (or more) of the following areas: Networking, Operating System (MS/Unix/Linux), database, or programming skills.
• Ability to produce reports from Fortinet Firewalls, FortiAnalyser Splunk and IPS Systems.
• Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as Security +, C|EH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA.

Preferred Qualifications:

• 5+ years of dedicated incident response and computer forensics work experience.
• Professional/technical certifications, such as Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or equivalent certifications in these areas.
• Development experience in scripting languages such as Python or Perl.
• Hands on experience using commercial Security Incident and Event Management (SIEM), “Next-generation” firewalls, web-content filtering systems, and/or Intrusion Prevention Systems.
• Experience in writing custom Fortinet IDS/IPS signatures and interpreting Snort output.
• Experience with large enterprise data centers and/or networks.
• Advanced Splunk Power User.