Level I
Must have experience with Threat Hunting, Network Analysis, and/or Security Operations Center (SOC) Analyst duties depending on level:
Level I:
- Able to perform independent and collaborative research (not purely checklist driven).
- Perform real-time security monitoring and historical searches for potential incidents.
- Able to collaborate with others to validate findings.
- Create and update documentation.
- Respond to security alerts, partner inquiries, and other requests.
- Manage and triage security incidents throughout the lifecycle and maintain accurate records of security incidents in case management systems.
- Support and develop Requests for Information (RFI), alert notifications, and reports during and after incidents.
- Experience with Splunk Enterprise, Wireshark, Bro/Zeek/Corelight systems strongly preferred.
Level II:
- Able to independently validate findings before distribution using partner, open source, commercial, and government resources.
- Perform continuous improvements by identifying and solving analytical problems and gaps in knowledge and documentation.
- Engage in technical problem-solving across multiple technologies.
- Significant experience with Splunk Enterprise or similar SIEM required.
- Experience with Wireshark required.
- Experience with Bro/Zeek/Corelight systems preferred.
- Splunk SOAR/Phantom experience preferred.
- Understanding of enterprise networking (host-based firewalls, anti-malware, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems’ operations, DNS and TCP/IP protocols, experience providing analysis and trending of security log data.
- Knowledge of general cyber-attack stages, profiling techniques and techniques for detecting host and network-based intrusions.
- Strong written technical communication skills to concisely convey security issues and reasonable recommendations.
- Create and update documentation.
Level II:
- 3+ years as a Cyber Analyst.
- Bachelor's Degree preferred.
- Bachelor's Degree requirement (where held):
Degree in an Information Technology related field (e.g., Computer Science, Information Technology, Information Systems, Information Assurance, Software Engineering).
Level III:
- Same as Level II with the below modifications:
- Experience architecting, developing, and deploying novel threat detection mechanisms. Provide examples.
- Experience providing technical direction to teams of Cyber Analysts.
- Demonstrated experience automating detection response capabilities.
Level III:
- Bachelor's Degree, preferably in a relevant field.
- 6+ years as a Senior Cyber Analyst or Technical Director of Cyber Hunting, Incident Response, SOC, or other Cyber Analysis Teams.
Additional Skills: Data science, statistics, visualizations, Splunk SPL dashboard creation and analysis, network traffic analysis using Wireshark and Bro/Zeek/Corelight, SOC analysts with lots of experience (not junior folks that just look at alerts), technical writing skills, and the ability to stay excited by hard-core data analysis. The worst thing we can do is get an analyst who doesn't spend time in the data.