Cybersecurity Operations Analyst
Job Description
Description
Are you interested in being part of a highly collaborative Cybersecurity Operations and Incident Response (IR) Team?
Are you inquisitive and analytical with expertise in Cybersecurity?
If so, we're looking for someone like you to join our team at APL.
We are seeking a Cybersecurity Operations and IR Analyst to help us hunt and respond to advanced threats, pivoting on and analyzing data to identify malicious behaviors. In this role you will perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity; collect evidence, including digital media, logs, and malware, to perform analysis associated with cyber intrusions; maintain an understanding of attack methodologies and use that information operationally; coordinate with Client Security Team (CST) and Help Desk personnel during initial triage and escalation of cyber incidents; and provide evidence collection and technical support for APL eDiscovery and litigation holds.
As a Cybersecurity Operations Analyst...
- Your primary responsibility will be to proactively hunt, monitor, analyze, and respond to infrastructure threats, contribute to Computer Network Defense, and create solutions to augment Defensive Cyber Operations (DCO) at APL.
- You will develop and enhance content and methods for monitoring and incident response, leveraging data extraction techniques for further analysis.
- You will develop and enhance processes, workflows, and documentation.
- You will determine high-fidelity behavioral patterns and create detection content in multiple tools.
- You will serve as a primary liaison to the APL Help Desk and CST, providing training and guidance on adversary tactics, detection and IR capabilities, and escalation procedures.
- You will support evidence collection, data processing, and forensic analysis in support of eDiscovery, litigation hold, and insider threat requirements.
- You will participate in project and cross-functional security teams requiring interaction with system administrators, networking staff, application developers, IT operations staff, and cyber research and development areas within the organization in order to identify and implement information assurance controls and risk mitigation techniques for IT operations.
Job Summary:
Under the direction of the Section Supervisor of Defensive Cyber Operations, the Cybersecurity Operations Analyst will be a part of the Cyber Hunt, Incident Response, and Applied Research areas in Defensive Cyber Operations. The Cybersecurity Operations Analyst will monitor, analyze, and respond to infrastructure threats, contribute to Computer Network Defense, and create solutions to augment Defensive Cyber Operations at APL.
Duties:
- Hunt for advanced threats, pivoting on and analyzing data to identify malicious behaviors. Perform real-time incident handling, independently following and creating procedures to analyze and contain malicious activity. Collect evidence, including digital media, logs, and malware, to perform analysis associated with cyber intrusions. Maintain an understanding of attack methodologies and use that information operationally. Make recommendations and create or modify processes and procedures based on knowledge of advanced threat behaviors. Identify and analyze threats using OSINT, threat intelligence, and enrichment resources.
- Develop and enhance content and methods for monitoring and incident response, leveraging data extraction techniques for further analysis. Develop and enhance processes, workflows, and documentation. Determine high-fidelity behavioral patterns and create detection content in multiple tools.
- Provide direct support to APL Help Desk and CST incident response functions. Coordinate training and provide guidance on cybersecurity capabilities, adversary tactics, initial triage, and escalation procedures.
- Collect and process evidence in support of eDiscovery, litigation holds, and insider threat investigations. Manage and maintain the digital forensics capabilities required for disk image and mobile data collection.
- Participate in project and cross-functional security teams requiring interaction with system administrators, networking staff, application developers, IT operations staff, and cyber research and development areas within the organization in order to identify and implement information assurance controls and risk mitigation techniques for IT operations. Provide routine reporting on goals and objectives to management.
Qualifications
You meet our minimum qualifications for the job if you...
- Have a Bachelor’s Degree in Information Security, a security-related discipline, or equivalent experience that provides the necessary knowledge, skills, and abilities.
- Have 2+ years of experience working in a complex network environment.
- Have 1+ years of experience in an operational cybersecurity environment.
- Understand normal operating system activity and OS internals (Windows and Mac).
- Have a proficient understanding of Linux operating systems (with a focus on RHEL and Ubuntu), including normal OS activity, OS internals, MITRE ATT&CK techniques mapped to Linux systems, and identifying anomalous behaviors on Linux systems.
- Are proficient at extracting and manipulating data using scripting languages such as Python, PowerShell, SPL, or others.
- Have experience with assume-breach methodologies and a proficient understanding of the advanced attack methodologies of nation-state adversaries, including living-off-the-land techniques and the TTPs outlined in the MITRE ATT&CK framework.
- Demonstrate ambition to further your current knowledge and understanding by exploring new concepts and applying them to cybersecurity.
- Develop and enhance content and methods for monitoring and incident response.
- Have experience analyzing and modeling data with technologies like Splunk, ELK, Hadoop, or SQL.
- Have technical experience in some of the following areas: Endpoint Detection & Response, Active Directory and authentication anomalies, Suricata, Zeek, full packet capture technologies, and firewall, proxy, and sandbox technologies.
- Have experience with memory analysis, host-based anomaly detection, network anomaly detection, and authentication anomaly detection techniques.
- Have experience with and an understanding of red team and threat emulation techniques.
- Have experience with disk image and mobile data collection capabilities like EnCase and Cellebrite, and with eDiscovery.
- Are able to obtain a Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.
You'll go above and beyond our minimum requirements if you...
- Have a Master's Degree in Information Security/Assurance or security related discipline.
Special Working Conditions:
Flexibility to work outside of normal business hours, to include some overnight and/or weekend work, in support of incident response and project implementation tasks.
Why work at APL?
The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation’s most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.
At APL, we celebrate our differences and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL’s campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at http://www.jhuapl.edu/careers.
About Us
APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law.
APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu. Only by ensuring that everyone’s voice is heard are we empowered to be bold, do great things, and make the world a better place.
The referenced pay range is based on JHU APL’s good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.
Minimum Rate
$85,000 Annually
Maximum Rate
$175,000 Annually