We are looking for an experienced and motivated network defender and insider threat analyst at a senior level to help us defend and protect against network intrusions and system compromises at a globally respected research institution. This position reports to the RAND Cyber Defense Center (RCDC) Manager within Information Security.
Duties and Responsibilities
- The Insider Threat Analyst will be a cybersecurity analyst/network defender with a primary focus on insider threat detection, monitoring and use-case-driven content creation using our SIEM, and a remaining focus on senior cybersecurity analyst work including threat emulation, network defense, SIEM content creation, Incident Response and other programs and initiatives.
- Learn to operate our security infrastructure and tools to monitor, investigate and analyze both raw and normalized network traffic, correlate connected sequences of events, detect suspicious and malicious network activity and intrusions and reconstruct into timelines for analysis, and generally assist in conducting defensive cyberspace operations to protect our organization’s network infrastructure and various data types.
- Assist in periodic or ad-hoc security report production to provide relevant situational awareness for senior stakeholders
- Assist in the coordination and completion of information security operations documentation when needed
- Provide additional support to the RAND Cyber Defense Center and executive leadership as needed.
Knowledge and Skills
- The ideal candidate will have senior level experience performing insider threat detection, network security and traffic analysis, hunting for malicious network activity and initiating response actions. Also will be familiar with the use of SIEMs and different types of network security platforms. The candidate must have a solid understanding of different types of cyber-attacks and exploitation methods as well as network security principles.
- Experience with market leading security systems and products
- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Ability to use Wireshark and other network analysis tools
- Knowledge of the threat landscape, including Advanced Persistent Threat adversaries
- Good written and verbal communication skills
- Good analytic and problem-solving skills
- Effective time management. Must be able to work effectively in a team environment.
- A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
- US citizenship and ability to obtain and maintain a security clearance
- Minimum of 6 years’ experience working in a security operations or network security environment.
- Bachelor’s degree in Computer Science or related area desired but not required.
- Information security certifications (e.g., SANS GIAC certs) are a plus.
Minimum six years related experience.
U.S. Citizenship is required to obtain a security clearance. An active transferable security clearance preferred but not required.