Intrusion detection analyst job description

Updated March 14, 2024

Example intrusion detection analyst requirements on a job description

Intrusion detection analyst requirements can be divided into technical requirements and required soft skills. The lists below show the most common requirements included in intrusion detection analyst job postings.
Sample intrusion detection analyst requirements
  • Experience in intrusion detection and prevention systems
  • Proficient in network security technologies and protocols
  • Knowledge of TCP/IP networking and packet analysis
  • Ability to perform threat analysis and vulnerability assessments
  • Understanding of security information and event management (SIEM) tools
Sample required intrusion detection analyst soft skills
  • Excellent analytical and problem-solving skills
  • Strong communication and interpersonal skills
  • Ability to work independently and as part of a team
  • Attention to detail and accuracy
  • Ability to work under pressure and meet deadlines

Intrusion detection analyst job description example 1

Rapid7 intrusion detection analyst job description

The Rapid7 MDR SOC team is composed of numerous herds of moose in the US, EMEA, and APAC regions who work together to defend our global customers around-the-clock by quickly identifying and responding to threats. Our vision is to achieve real-time detection and response to every attack, every time.
About the Team
Rapid7 Managed Detection and Response (MDR) is built from the ground up to bring motivated and passionate security talent face to face with emerging threats, practical challenges, and evil at scale. Our MDR service uses an impact-driven mindset to focus efforts on effective solutions, encouraging personal and technical innovation within the Security Operations Center (SOC). MDR provides 24/7/365 monitoring, threat hunting, incident response, and more with a focus on endpoint detection and behavioral intelligence.

About the Role
Rapid7 is looking for Security Analysts to help us detect advanced threats and stop attackers in their tracks at our flagship SOC in Arlington, VA. MDR analysts are primarily focused on 24/7 SOC monitoring and real-time incident validation, threat hunting, and incident response. This is a private industry position and does not require any level of government security clearance.

In this role, you will:
  • Deliver world-class threat detection services using traditional threat intelligence-based detection and user behavior analytics
  • Conduct or assist with Rapid7 incident response investigations
  • Assist in capturing and deploying knowledge of attack methodologies
  • Drive research initiatives to further threat detection capabilities and brand reputation through media interaction, public speaking, and blogs
  • Provide continuous input to Rapid7 product development teams

The skills you'll bring include:
  • Experience with forensic network investigations, endpoint investigations, malware analysis, incident response, threat hunting, or any other job functions normally found within a SOC
  • The ability to identify processes in need of improvement and implement solutions
  • Endpoint detection experience
  • Experience working in a 24/7 SOC
  • Security certifications (GFACT, GSEC, GCIA, GCIH, CySA+, CASP+, Security+, etc.)

We know that the best ideas and solutions come from multi-dimensional teams: teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.

About Rapid7
Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We're on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.

With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Intrusion detection analyst job description example 2

SAIC intrusion detection analyst job description

SAIC is a premier Fortune 500 technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions. We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors.

SAIC has career opportunities for experienced scientists, engineers, and analysts. We are actively staffing a newly awarded, 5 year contract based in Fort Meade, MD. This multi-year contract needs to be staffed with highly skilled mathematicians, data scientists, engineers, collection managers and analysts. As an Intrusion Analyst, you will focus on security intelligence, anomaly hunting and incident response. You will leverage intuition, security knowledge and a broad array of tools and advanced security techniques to discover, analyze, and document malicious activity.
Responsibilities:

+ Perform technical analysis involving threat event data and evaluating malicious activity

+ Working/in-depth knowledge of information security protection/detection and authentication systems (firewalls, IDS, IPS, anti-virus, etc.)

+ Utilize knowledge of commonly-accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities

+ Develop and implement mitigation strategies

Qualifications:

+ Active TS/SCI with polygraph

+ Degree and minimum years of relevant work experience as follows:

  + AA and 10 years of experience or,

  + BA/BS and 8 years of experience or,

  + MA/MS and 6 years of experience or,

  + PhD and 4 years of experience

+ Knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP etc., and accompanying protocol/packet analysis/manipulation tools

+ In-depth knowledge of current operating environments (Microsoft, Linux, & OS X)

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
REQNUMBER: 2209318

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong, driven by mission, united by purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability

Intrusion detection analyst job description example 3

Fusion Technology intrusion detection analyst job description

Who is Fusion Technology?

Fusion Technology is a performance-driven HUBZone Small Business concern residing in the heart of the beautiful mountainsides of West Virginia, steps away from the Federal Bureau of Investigation's Criminal Justice Information Services Division's Headquarters. Founded in 2007 by an Engineer-by-trade, Fusion Technology dedicates our valuable resources to providing comprehensive IT services and solutions to mission-critical US Government programs and the Intel Community.

Who are you?

* Security-cleared Professional: You are really trustworthy. You have an active Top Secret clearance, or a fully adjudicated Secret clearance with the ability to obtain and maintain an Interim Top Secret clearance.
* Seasoned Leader: You have a bachelor's degree and 4 to 8 years of prior relevant experience in order to operate within the scope contemplated by the level, and experience in lieu of degree may be acceptable. You also have prior experience performing as a SOC Analyst.
* Field Certified: You are a go-getter and an excellent test taker. You earned and maintain at least one of the following certifications:
  * Certified Ethical Hacker (CEH)
  * Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH)
  * Or other relevant IT certification

* Inquisitive: You're well-versed in cybersecurity and it shows. You have a solid understanding of cyber landscapes and multiple types of typical threat and attack vectors. You like to problem-solve incidents and remediate high-profile incident cases.
* Cyber Sleuth: You can track incidents like no one else against a framework such as the MITRE ATT&CK or Cyber Kill Chain methodologies.
* Adaptable: You are not averse to working long hours. We don't need you to work 24x7, but we do need you to be on-call following a fair rotation schedule. You will work on an on-call rotation for SOC escalation as needed for nights and weekends.

What we do:

The National Oceanic and Atmospheric Administration (NOAA) is a bureau within the Department of Commerce (DOC) focused on understanding and predicting changes in the Earth's environment. The demand for NOAA's products and information continues to grow as global climate change and the threat of natural disasters remain at the forefront of the Nation's attention. Fusion Technology aims to protect the delivery of this critical demand by modernizing NOAA's IT security infrastructure, increasing security awareness throughout the department, and coordinating security efforts with the intelligence community and stakeholders.

What you'll do:

* Perform against established operational rhythm, expectations, and standards for Security Operations Center (SOC) analysts
* Support 24x7 operations of the NOAA SOC, supporting shift coverage
* Perform incident handling responsibilities with direct interface to customers and management team
* Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs
* Perform analysis on anomalous behavior based on log data from firewalls, packet capture, web proxy services, network flow analysis, intrusion detection, and malware analysis tools
* Identify areas of improvement for SOC processes and tools to enhance the mission
* Provide teaching and mentoring to junior analysts
* Bring excellent written and verbal communication skills, as well as strong analytical and troubleshooting skills
* Bring knowledge of SIEM solutions and incident management solutions

Preferred skills/experience, but not required:

* Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation, with an understanding of intrusion set tactics, techniques, and procedures (TTPs)
* Familiarity with Cloud concepts and experience performing, monitoring, and responding to threats in Cloud environments
* Familiarity with the NOAA mission

What matters to you matters to us.

Fusion Technology values its employees and works hard to ensure proper care for them and their families. We desire to compensate employees in a competitive, motivational, fair, and equitable way with other employers in the marketplace. Salary is only one component of employee compensation but an integral part of recruiting and retaining qualified employees. However, at Fusion Technology, we take a comprehensive approach and consider each employee's needs to tailor a compensation plan that provides financial security and peace of mind. Our competitive package includes a best-in-class matching 401K program, comprehensive Cigna healthcare plan, a competitive employer contribution to a health savings account, vision and dental plans, life insurance, short- and long-term disability, and personal leave, in addition to paid certifications and training.

Fusion Technology LLC is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce. Qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

Zippia Research Team, Editorial Staff

The Zippia Research Team has spent countless hours reviewing resumes, job postings, and government data to determine what goes into getting a job in each phase of life. Professional writers and data scientists comprise the Zippia Research Team.