Security Analyst/Incident Responder

AnaVation

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a related field or equivalent experience.
  • 6+ years' experience as a Security Administrator or similar role.
  • Hands-on incident response and vulnerability analysis experience across various platforms.
  • Proficient in vulnerability scanning with Tenable and Qualys.
  • Experience with EDR tools like Crowdstrike, as well as SIEM solutions such as Splunk.
  • Knowledge of NIST SP 800-61 rev2 guidelines for incident handling.
  • Excellent communication skills, both oral and written.

Responsibilities

  • Lead Incident Response activities, including triage, investigation, and reporting.
  • Administer policies within EDR and SIEM tools like Crowdstrike and Splunk.
  • Develop post-incident reports documenting mitigation efforts and recovery steps.
  • Implement best practices for cybersecurity defenses.
  • Manage ticketing systems to track incident responses and resolutions.
  • Conduct vulnerability scans and analyze results for prioritization and remediation.
  • Create dashboards and metrics reports to present security findings.

Benefits

  • Generous cost sharing for medical insurance for employee and dependents.
  • 100% company-paid dental insurance for employees and dependents.
  • 100% company-paid long-term and short-term disability insurance.
  • 100% company-paid vision insurance for employees and dependents.
  • 401k plan with generous match and 100% immediate vesting.
  • Competitive pay package.
  • Generous paid leave and holiday offering.
  • Tuition and training reimbursement opportunities.
  • Life and AD&D insurance provided.
Full Job Description
Description of Task to be Performed:

AnaVation is looking for a Security Analyst (Incident Responder) to assist the client leadership with vulnerability management and incident response activities. The ideal candidate will be comfortable engaging with client leadership on a regular basis and interacting with senior level team members.

Responsibilities:
  • Lead and manage Incident Response (IR) activities to include triage, investigating, interviewing, resolving, and reporting on events. Creating, updating, and/or revising the IR Playbook and IR Plan.
  • Monitor, maintain and administer policies and rules within EDR and SIEM tools (e.g., Crowdstrike, Splunk).
  • Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
  • Develop and implement defensive cyber best practice tactics, techniques, and procedures.
  • Maintain Incident Ticketing tracking system and related tickets within Remedy or other tracking tools.
  • Monitor and take action within multiple tools providing security functions such as vulnerability management (e.g., Nessus), configuration management (e.g., Tenable Security Center, IBM BigFix, SCCM), endpoint protection (e.g., antivirus, ATP), intrusion detection software and hardware.
  • Manage and perform Splunk queries to examine and query log data from the Enterprise Logging as a Service system and perform log analysis.
  • Ensure system and application logs are being sent to enterprise SIEM tool for log monitoring.
  • Conduct and manage vulnerability scans using Tenable SC and/or Qualys.
  • Analyze scan results, prioritize findings by risk and impact, coordinate with responsible parties for remediation and validate false positives.
  • Interacting with GRC tool (e.g., CSAM) to perform daily/weekly vulnerability analysis.
  • Creating and compiling weekly security metrics into dashboards and charts.
  • Presenting vulnerability analysis to system admins, system owners, and leadership.
  • Flexible with other security related tasks as needed by the customer.

This position is hybrid, with the potential for periodic onsite attendance at our customer location in Alexandria, VA.

Applicants who do not currently reside within commuting distance should describe how they would satisfy this requirement. Remote status is subject to change at the customer's direction.

This position requires a Public Trust

Required Qualifications:

  • Bachelor's degree in a related field or equivalent demonstrated experience and knowledge.
  • 6 years' experience as a Security Administrator or equivalent knowledge.
  • Hands-on experience conducting incident response activities and vulnerability analysis of various systems, applications, security tools, databases, and networks logs.
  • Performing vulnerability scans with tools such as Tenable or Qualys.
  • Experience with Crowdstrike, TenableSC, Splunk. (Experience with comparable tools may be considered).
  • Experience with NIST SP 800-61 rev2 Computer Security Incident Handling Guide.
  • Excellent oral and written communication skills.
  • Familiarity with multi-tiered network applications, common ports and protocols used in those communications, the Common Vulnerability System (CVS) and the exploitation mechanisms of common vulnerability types (e.g., buffer overflows, cross-site-scripting, SQL injection).
  • Ability to perform online research and comprehend attack signatures while comparing them to network traffic to perform proper analysis of detections.
  • Ability to use common tools such as Wireshark to examine network traffic.
  • Certifications: Security + required.


Preferred Qualifications:

  • Self-Starter - ability to quickly become competent with new security-related tools and processes.
  • Ability to conduct Deep Dive analysis to determine root cause assessment of various network scanning agents' scanning or communication failures.
  • Ability to coordinate remediation strategies with agency's department technical staff through completion.
  • Familiarity with the various use cases and alignment of data from each tool to various security disciplines in configuration management, vulnerability management, risk management and incident management.
  • Understanding of the role of interactive training such as phishing exercises for assessment of organizational abilities.
  • Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.
  • Familiarity with information security terminology and being able to develop or select technical training in the discipline of information security geared to an organization.
  • Familiarity with data management and reporting of training data and statistics using common tools such as Microsoft Excel and Word.


Benefits
  • Generous cost sharing for medical insurance for the employee and dependents
  • 100% company paid dental insurance for employees and dependents
  • 100% company paid long-term and short-term disability insurance
  • 100% company paid vision insurance for employees and dependents
  • 401k plan with generous match and 100% immediate vesting
  • Competitive Pay
  • Generous paid leave and holiday package
  • Tuition and training reimbursement
  • Life and AD&D Insurance

Similar Jobs

More Jobs at AnaVation

  • Vulnerability Manager
    $100K — $130K *
    Alexandria, VA 22304 (Alexandria City County)
    Information Technology
    Hybrid
  • Security Engineer
    $90K — $130K *
    Washington, DC 20011 (District Of Columbia County)
    Information Technology
    Hybrid
  • Scrum Master
    $90K — $120K *
    Hanover, MD 21076 (Howard County)
    Education, Government & Non-Profit
    In-Person
  • ServiceNow Developer
    $90K — $130K *
    Hanover, MD 21076 (Howard County)
    Information Technology
    In-Person
  • Application Administrator
    $75K — $95K *
    Hanover, MD 21076 (Howard County)
    Information Technology
    In-Person

More Information Technology Jobs

Find similar Security Analyst/Incident Responder jobs: