Overview
We are seeking up to two (2) Cybersecurity Analysts with experience implementing artificial intelligence (AI) for computer network defense, including intrusion detection, prevention, and incident response activities. The ideal candidate will have deep expertise with traditional cybersecurity operations, activities, and technologies. The ideal candidate will also have experience working with a variety of AI technologies and models in a cybersecurity context. This position will require the development and delivery of AI-enabled cybersecurity processes, tools, and capabilities.
Responsibilities
- Implement AI-enabled solutions for cybersecurity operations and adapt existing processes to integrate emerging AI capabilities into standard operations.
- Provide key requirements, observations, design suggestions, and artifacts to inform the development of AI technologies that will support the adoption of AI technology into cybersecurity operations.
- Monitor real-time network activity flagged by a variety of intrusion detection, prevention, and analysis platforms and analyze raw data, metadata, and event logs to confirm suspected intrusion attempts into either local (on-premises) or cloud computing systems and use that information to inform the creation of AI-enabled cyber defense capabilities.
- Author and implement custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic.
- Use security orchestration and automation tools, augmented with AI, to triage events and suggest improvements on existing detections to reduce false positives and rapidly remediate redundant or repetitive detections.
- Investigate network anomalies and respond to cybersecurity incidents with a focus on AI-enabled cybersecurity operations.
- Abide by all governance and standards as defined by the Board or levied by external entities to remain compliant with all requirements when implementing AI solutions.
- Develop analytic products and reports that demonstrate the effectiveness of AI-enabled cybersecurity operations to include metrics, incident reports, and threat hunt analysis reports.
Qualifications
- 5+ years of hands-on cybersecurity operations experience that includes use of technologies such as Splunk, CrowdStrike, Palo Alto, Trellix (FireEye), Corelight, Cisco Firepower Threat Defense, etc.
- 3+ years of hands-on cybersecurity operations experience that includes cloud-resident technologies in Amazon Web Services, Microsoft Azure, ServiceNow, etc.
- Hands-on experience implementing AI solutions for a Security Operations Center (SOC) or Cybersecurity Operations team.
- Experience using intrusion detection, prevention, and analysis platforms that are designed to identify and/or technically counter attempted intrusions.
- Experience authoring and implementing custom detection content for signature-based detection systems, security information and event management (SIEM) systems, host-based detection systems, and firewall logic.
- Experience monitoring real-time network activity flagged by a variety of intrusion detection, prevention, and analysis platforms and experience analyzing the resulting raw data, metadata, and event logs to confirm suspected intrusion attempts into either local (on-premises) or cloud computing systems.
Preferred Qualifications
- Demonstrated experience implementing AI-enabled cybersecurity solutions in a SOC environment.
- Experience operating in government environments that follow NIST, FISMA, FedRAMP, and OMB guidance.
- Strong problem-solving and analytical skills.
- Excellent communication and documentation skills.
Salary: $137,424 - $144,657
Additional benefits include:
- Paid Time Off & Holiday Pay
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Disability, Life Insurance, and AD&D
- Flexible Spending Accounts
- Pre-Tax 401K and/or After-Tax Roth IRA (with employer matching contribution)
- Tuition and Technical Training Reimbursement
- Exercise Reimbursement
- Computer Reimbursement
- Employee Assistance Program
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- While performing the duties of this job, the employee may be regularly required to stand, sit, talk, hear, reach, stoop, kneel, and use hands and fingers to operate a computer, telephone, keyboard, and standard office equipment
- Specific vision abilities required by this job include close vision requirements due to computer work
- The employee must occasionally lift and/or move up to 15 pounds
- Fine hand manipulation (keyboarding)
Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Exposure to general office conditions while conducting office duties
- Moderate noise (i.e., business office with computers, phone, and printers, light traffic)
- Ability to work in a confined area
- Ability to sit at a computer terminal for an extended period