Senior Cybersecurity Threat Analyst

at The Staffing Resource Group, Inc
Location Jacksonville, FL
Date Posted January 9, 2019
Category Default
Job Type Full-time


Senior Cybersecurity Threat Analyst – TS/SCI Clearance w/Poly Required

We are currently hiring for a Senior Cybersecurity Threat Analyst with a TS/SCI clearance with Polygraph and 8+ years of experience to support our customer in the Columbia, MD area. In this role, the Cybersecurity Threat Analyst will provide the following Discovery and Hunting Operations tasks in support of the customer’s networks, systems, and applications.
Location: Ft. Meade, MD
Industry: Defense
Employment Type: Contract-to-Hire
Salary: Dependent on experience, education, and certifications
Job Description:

  • Discover and characterize network and platform anomalies to include cross domain violations and submit findings to the Reporting Team Lead for analysis and report generation
  • Monitor, identify and analyze anomalous network activities on various networks
  • Conduct multi-source threat analyses to examine host behaviors and network traffic for high priority malicious attacks, anomalous traffic, or other incidents of interest, as well as generate reports as appropriate
  • Integrate Cyber Threat Intelligence to inform customer on newly discovered threats and vulnerabilities associated with the technologies used in the enterprise for the purpose of developing hunt analytics. Any shareable vulnerability information will be made available for traditional tipping and alerting to the broader customer base
  • Monitor adversarial capabilities, exploits, vulnerabilities, mitigation techniques, and best practices information and guidance through all-source research
  • Identify areas for deeper dive analysis of threat and vulnerabilities
  • Examine network topologies to understand data flows through networks and provide mechanisms to tip countermeasures
  • Employ analysis and tools to discover new threat actors
  • Implement the applicable reporting guidelines outlined in applicable directives and guidance
  • Conduct research and planning required for strategy development in response to real-time operational requirements
  • Identify and document gaps in all data (e.g., netflow, syslog, etc.) that affect the customer mission in order to determine how to better posture mission capabilities
  • Develop, document and synchronize the recommendations and the tasking of signatures and YARA rule sets across the sensors (e.g., IDS, firewalls) used by the customer

Required Qualifications:

  • TS/SCI w/poly is required
  • Bachelor’s in Information Technology, IT Security, Network Systems, or related field or equivalent experience, plus 8-12 years of directly related experience
  • Knowledge of systems configuration and management of firewalls, IDS, servers and workstations
  • Experience with Red Team and/or Penetration Testing
  • Knowledge of incident categories, incident responses, and timelines for responses
  • Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data
  • Demonstrated experience supporting external investigations
  • Familiarity with software development and network operations concepts and methodologies
  • Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools such as EnCase and open source alternatives
  • Experience with the Windows and Linux operating systems; experience with wireless and SCADA environments is highly desired
  • Experience with scripting (PowerShell, Python, Java) and investigating malicious code

Preferred Qualifications:

  • Demonstrated ability to apply technical and analytical skills in a security environment
  • Ability to correlate incident data to identify specific vulnerabilities and make recommendations that enable remediation; Use of SIEMs or scripting to pull data into usable formats; notification sources are Antivirus, HIDS, NIDS, IPS, and Firewalls
  • Tier III Analyst experience, Network Analytics, Incident Investigations, Reverse Engineering and Malware Analysis, Task Prioritization
  • Strong comfort level with IPv4, TCP/IP, and RFC data, low level networking and protocols, TCP/UDP Ports for Apps, and understanding of what is normal/abnormal endpoint and on-wire activity
  • Knowing how to string together data, what questions to ask, and what activities will point to a target that we care about; ability to think “outside the box” and an unwillingness to settle for conventional wisdom
  • Experience in a cloud environment using cloud analytics and Pig scripts/jobs to present data and using the Hadoop Distributed File System
  • Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
  • Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports; Ability to understand and translate client requirements
  • Strategic planning skills, organizational skills, operating skills, and strong leadership skills

About Us: SRG Government Services (SRG) is a leading provider of information technology, training, engineering, accounting and intelligence analytical services for agencies in the intelligence, defense, homeland security, cyber security, and federal civilian markets. SRG utilizes an innovative approach to identify and qualify talent that is unique to the federal contracting industry, featuring a cutting-edge platform that allows us to rapidly and precisely match professionals to client requirements. We have a proprietary database of over one million candidates and maintain continuous contact with our qualified talent.
Keywords: Cybersecurity Threat Analyst, threat, vulnerabilities, cloud, Top Secret, TS, clearance, polygraph, poly, CI poly, FSP, full-scope poly, software, IPv4, TCP/IP, RFC data, TCP/UDP Ports, Powershell, Python, Java, EnCase, firewalls, IDS, servers, work stations, Red Team, Penetration Testing, netflow, syslog, incident categories, incident responses, Network Analytics, Incident Investigations, Reverse Engineering, Malware Analysis, Task Prioritization