Job ID: NC-580317 (95391104)
Security Analyst with incident response, intrusion/malware analysis, APT, NIST, SANS, PCI, HIPAA, FERPA, PII, CJI, HITECH, Nmap, OpenVAS, Metasploit, Nessus, QRadar and SIEM experience
Location: Raleigh NC (NCDPS)
Duration: 6 months
Interview: In-person ONLY
Skill | Required / Desired | Amount of Experience
Two years working in a cyber security environment. | Required | 2 Years
Knowledge in relevant areas, such as incident response, intrusion analysis, incident handling, or malware analysis. | Required | 2 Years
Proven ability to address advanced threats, such as APT, and be well versed in the tools, tactics, and procedures used by such cyber actors. | Required | 2 Years
Experience with the NIST Risk Management Framework, NIST Security & Privacy Controls, and SANS Critical Security Controls. | Required | 2 Years
Cyber security professional with business, information technology, and military experience. Excellent team player and leader who is passionate about team and individual growth. Experience with the NIST Risk Management Framework and NIST Security & Privacy Controls. Engage in organizational security assessments, data classification, business continuity planning, vulnerability scanning, and penetration testing projects. Establish and implement plans to protect data and information systems against unauthorized access. Respond to security incidents and perform remediation. Provide analysis and containment of compromised systems and mitigate the root cause. Ensure confidentiality, availability, and integrity of data. Manage network intrusion detection and prevention systems. Perform PCI, HIPAA, FERPA, PII, CJI, and HITECH compliance assessments, and ensure best practices are understood and implemented. Perform audits utilizing NIST security control standards, and document and mitigate discrepancies.
Knowledge, Skills, and Abilities Recommended in this Position
• Basic knowledge in relevant areas, such as incident response, intrusion analysis, incident handling, or malware analysis.
• Proven ability to address advanced threats, such as APT, and be well versed in the tools, tactics, and procedures used by such cyber actors.
• Works with data owners and product managers to categorize systems that may process PII, FERPA, FTI data.
• Use the Risk Management Framework, Security & Privacy Controls, CIS Critical Controls, and FedRAMP to evaluate information security policy & architecture, and projects in compliance with state laws.
• Experience with the NIST Risk Management Framework, NIST Security & Privacy Controls, and SANS Critical Security Controls. Analyzes multiple industry standards, policies, and tools to develop expertise in establishing holistic and comprehensive models for organizational security policies and procedures.
• Expanded cybersecurity knowledge of Nmap, OpenVAS, Metasploit, Nessus scanner/Security Center, IBM QRadar, email filtering, and forensics tools.
• Evaluates Request for Proposals for penetration testing projects, mobile device management, and other projects.
• Uses forensic tool kits and eDiscovery to scan memory and email for various historical information and activity.
• Basic knowledge of various security methodologies, processes, and hardware, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
• Establish and implement plans to protect data and information systems against unauthorized access.
• Provide analysis and containment of compromised systems and mitigate root cause.
• Basic knowledge of various computer forensic methodologies.
• Knowledge of state/local and federal laws and regulations regarding cybercrime.
• Extensive experience in deploying, maintaining, and utilizing a variety of tools, data-sources, platforms, and applications commonly leveraged in cyber intelligence collection, processing, information management, and analysis, e.g. SIEM, forensic tools.
• Strong written/verbal communications.
• Proven ability to work under stress in emergencies, with the flexibility to handle pressure coming from all directions at one time.
• Strong customer focus and ability to manage client expectations.
• Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people.
• At least 2 years’ experience as a Cyber Security Analyst/Specialist
• CompTIA Security+ certification