Senior Cybersecurity Analyst (Threat Hunting and Pursuit) Job at Phia in Lakewoo
Phia, Lakewood, CO, United States
At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is hiring a Senior Cybersecurity Analyst (Threat Hunting and Pursuit) who can think like a cyber attacker and develop and implement creative methods to detect and thwart those behaviors. You'll use your network defense experience and analytical skills to rapidly prototype and develop scripts to create haystacks and sift through the false positives to find patterns and indicators. Work with our team of cyber threat hunting experts to find the adversary in common blind spots and advise federal customers on ways to close gaps and harden their network. This job is performed on-site in Lakewood, CO (Denver area).
What You'll Do
- Actively hunt threats on client networks
- Investigate SIEM and other security application logs for suspicious and malicious behaviors
- Identify potential attack vectors and threat actor TTPs to support active network defense
- Investigate security incidents and provide a detailed overview of the event from intrusion to mitigation
- Create behavior-based detections to monitor for suspicious and malicious activity
- Collaborate with Cyber Threat Intelligence analysts and SOC analysts to jointly harden client networks
- Review, improve, and implement complex network detections
- Train and mentor junior analysts on best practices and Blue Team TTPs
- Bachelor's Degree
- 12+ years of cybersecurity/information assurance experience (defense or offense)
- Minimum of five (5) years technical experience effectively providing network and/or system administration, operations, and/or security testing and evaluation
- Familiarity with the US Intelligence Community and using intelligence to support cyber defense/mitigation work
- Familiarity with cyber hunt methodologies
- Experience working cyber issues to include offensive or defensive TTPs
- Understanding of foreign capabilities in IT or OT environments
- Experience providing forensic and data analysis support to cyber issues
- Experience with logging and data analysis platforms such as Kibana or Splunk
- Experience with data forensic tools, including Wireshark, Kali tools, encoders/decoders, etc.
- Experience working with Linux and command-line interfaces
- Knowledge of common malware functionality and operations
- Experience writing technical reports and briefing leadership
- Ability to provide on-site, full-time support in a client environment
- Minimum IAM or IAT Level III (i.e. one or more of CISSP, CCSP, CASP+CE, CISM, CISA, CCNP Security, GSLC, GCED, GCIH)
- GIAC Certified Cyber Threat Intelligence (GCTI)
- GIAC Security Operations Certified (GSOC)
- GIAC Defending Advanced Threats (GDAT)
- GIAC Certified Incident Handler (GCIH)
- GIAC Enterprise Incident Response (GEIR)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Detection Analyst (GCDA)
- GIAC Certified Network Forensic Analyst (GNFA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Critical Infrastructure Protection (GCIP)
- GIAC Response and Industrial Defense (GRID)
- U.S. Citizenship
- Active Top Secret required
- An agency background check is required
- Experience in leading cyber exercises
- Experience with reporting IT Security events and incidents in the time prescribed based on policies and procedures
- Experience with effectively providing network or system administration, or computer operations
- Experience with forensics tools, EnCase, IDA Pro, or Wireshark
- Experience with US critical infrastructure
- Experience with analyzing ICS and SCADA traffic
- Experience with cyber operations center environments
- Experience with writing technical reports and briefing leadership
- Knowledge of supporting the IC, national level system security initiatives, and secure Information, Local Area Network (LAN), and Wide Area Network (WAN) technologies
- Knowledge of virtualization
- Experience working in Purple Teams supporting Red and Blue Team exercises and testing
$150,000 - $180,000 a year
Who You Are
A proactive problem solver who appreciates the challenges of working in a fast-paced, dynamic environment.
Intellectually curious with a genuine desire to learn and advance your career.
An effective communicator, both verbally and in writing.
Customer service-oriented and mission-focused.
Critical thinker with excellent problem-solving skills.
If your experience and qualifications aren't a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Are
phia, LLC is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
Comprehensive medical insurance to include dental and vision
Short Term & Long-Term Disability
401k Retirement Savings Plan with Company Match
Tuition and Professional Development Assistance
Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.