XOR Security is looking for a mid-level Cybersecurity Analyst to perform the following duties:
- Develop an accurate and updated Cybersecurity Penetration Program Test Plan that reflects changes to the Release Plan.
- Develop a complete and timely Risk and Vulnerability Assessment (RVA) with both internal and external security testing and penetration testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network. Deliverables for Penetration Testing include, but are not limited to, a Rules of Engagement (RoE) document containing the type and scope of testing, and client contact details and a Penetration Test Report that includes an executive summary, a contextualized walkthrough of technical risks, potential impact of vulnerabilities found, and vulnerability remediation options.
- Support the creation and collaborative update of the program IT Security and Penetration Test Strategy and Test Plan.
- Facilitate meetings and interviews to collaborate with the Cybersecurity SRM Penetration Testing Office and other Vulnerability Management stakeholders.
- Assess program test integration processes and document findings for improvement.
- Conduct a comprehensive review of MITRE Attack Tactics, Techniques, and Common Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK) and Qualys Vulnerability Management, Detection, and Response (VMDR) for accuracy and conformity with cross-project test execution.
- Develop vulnerability detection plugins for custom and inhouse developed applications, zero day and other vulnerabilities where the VMDR platform does not provide detection capabilities.
- Update and adjust platform-defined vulnerability impact ratings to ensure prioritization accurately reflects the risk.
- Support continuous improvement activities by evaluating mitigation and detection capabilities, developing repeatable testing processes and monitoring remediation progress.
- Conduct focused technical analyses (Network Mapping, Vulnerability Scanning, & Penetration Testing) in support of the program, releases, and projects including architecture and engineering tasks.
- Conduct platform, data, performance and software engineering analyses and feasibility studies in accordance with the Common Vulnerability Scoring System (CVSS).
- Minimum 3 years of experience as a cybersecurity analyst
- Minimum Associates Degree
- Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
- Ability to identify assets on an agreed upon IP address space or network range(s) using a network mapping tool.
- Identify IT vulnerabilities using a vulnerability scanning tool and develop a Vulnerability Scanning Risk Assessment document that includes an execsum, risk assessment reports, and/or dashboards.
- Experience using the MITRE ATT&CK Framework
- Prior experience and ability to with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
- Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk).
- Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
- Strong logical/critical thinking abilities, especially analyzing security events from host and network event sources (e.g., windows event logs, AV, EDR, network traffic, IDS events for malicious intent).
- Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
- A working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
- Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
- Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances are strongly desired
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- One or more of the following certifications: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
- An understanding in researching Emerging Threats and recommending monitoring content within security tools.
- Familiar with DHS CISA’s Security Architecture Review (SAR) process
- Experience with performing assessments on High Value Assets (HVAs)
- Experience with one or more of the following technologies and specific tools: Splunk (including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided