Cybersecurity Analyst

About The Position

Requirements

• United States citizen with a US Department of Energy (DOE) Q Clearance or US Department of Defense (DOD) issued TS clearance.
• Bachelors degree in Computer Science or related field with 1-2 years of cyber operations work experience or an equivalent amount of education and experience
• Experience with ServiceNow, JIRA ServiceDesk, or other ticketing system

Nice To Haves

• Relevant certifications (GSEC, Security+, CEH, etc) preferred.

Responsibilities

• Support the DCO environment in identification and analysis of threats in Security Incident and Event Management (SIEM) alerts, dashboards, and queries.
• Resolve or escalate alerts/events/incidents as defined in DCO service level agreements according to level of severity.
• Help develop advanced queries and alerts to detect adversary actions and compile detailed investigation and analysis reports for internal DCO consumption, and for delivery to management.
• Work with the Emerging Threat team to capture intelligence on threat actor tactics, techniques, and procedures (TTPs) and leverage automated and manual countermeasures in response.
• Field customer requests for support ranging from potential phishing events to abnormal system activity.
• Triage reports from DOE entities, CISA, and external penetration testers, and coordinate resolution with ORNL system administrators in keeping with BOD 18-01, 19-02, and 22-01 requirements.
• Analyze suspicious links and attachments in a secure malware analytics platform as part of a comprehensive phishing analysis procedure.
• Triage malware and anomalous activity alerts generated by an EDR system.