What are the responsibilities and job description for the Senior Cybersecurity Analyst position at Banduri?
About Banduri
Banduri helps organizations execute digital transformations with agility so that continuous innovation becomes their core competency. Core to Banduri's values and culture is the belief that everyone deserves to thrive. Our mission is to leave things better than we found them, make things that matter, and help our customers harness the power of change. We know that doing this requires radical candor, a dedicated focus on the users, and creativity. There are no big egos here. We are collaborators and team players. We want solutions-oriented problem solvers, critical thinkers, and committed creators who are passionate about what they do.
We are currently hiring a SENIOR CYBERSECURITY ANALYST to support the modernization efforts of a federal agency.
MUST BE A US CITIZEN AND PASS BACKGROUND CHECK
Position Location:
This position offers hybrid work options with occasional on-site requirements at the client's Washington, D.C. headquarters. Our office is in Fredericksburg, VA, right next to the Fredericksburg (FBG) Amtrak/VRE station.
Position Description:
Responsible for leading the proactive defense of the organization's information systems. Provides expert-level guidance on cybersecurity operations, risk mitigation, incident response, and security architecture, ensuring the organization's IT environment remains secure, resilient, and compliant with applicable regulations and standards. Acts as a mentor and technical authority, driving continuous improvement in security practices and fostering a strong security culture.
Key Responsibilities:
· Security Operations & Architecture: Architect, implement, and manage advanced security solutions, including SIEM, ZTS, EDR, IDS/IPS, and other cyber management platforms, optimizing their effectiveness and integration; lead proactive threat hunting and vulnerability assessments, identifying and mitigating emerging threats before they can impact the organization; develop and champion security best practices and standards, ensuring their consistent application across the organization; provide expert guidance on secure system design and architecture, influencing IT projects and initiatives to incorporate security from inception
· Incident Response Leadership: Lead and coordinate complex incident response efforts, effectively containing and eradicating threats, minimizing business impact, and conducting thorough post-incident analysis; develop and maintain comprehensive incident response plans, playbooks, and procedures, ensuring their alignment with industry best practices and regulatory requirements; mentor and train junior analysts in incident response techniques
· Risk Management & Compliance: Conduct comprehensive risk assessments, identifying vulnerabilities and recommending appropriate mitigation strategies; lead the development and implementation of security policies, standards, and procedures, ensuring compliance with frameworks such as NIST, ISO 27001, and other relevant regulations; provide expert advice on security compliance and audit requirements, supporting internal and external audits
· Security Awareness & Training: Develop and deliver engaging security awareness training programs, educating employees on best practices and promoting a strong security culture; mentor and guide IT staff on secure configurations and best practices
· Collaboration & Communication: Collaborate effectively with senior management, IT teams, and business stakeholders to communicate security risks and recommendations; provide clear and concise reports on security incidents, risk assessments, and vulnerabilities, presenting complex technical information in an accessible manner; represent the organization in security-related discussions with external vendors, partners, and industry groups
· Continuous Improvement & Innovation: Research and evaluate emerging security technologies and threats, recommending and implementing innovative solutions to enhance the organization's security posture; identify process gaps and recommend enhancements to security operations, driving continuous improvement in security practices; contribute to the development of the organization's overall cybersecurity strategy
Required Skills:
· Deep expertise in security tools and technologies, including firewalls, SIEM, IDS/IPS, ZTS, EDR, vulnerability scanning solutions, and cloud security platforms
· Advanced understanding of network protocols, operating systems (Windows, macOS, Linux, iOS, Android), cloud environments (AWS, Azure, GCP), and containerization technologies
· Proficiency in scripting languages (e.g., Python, PowerShell) for automation and security tasks
· Experience with security architecture and design principles
· Exceptional analytical and problem-solving skills, with the ability to analyze complex security logs and events to identify patterns and potential threats
· Proven ability to lead and manage complex security incidents
· Excellent written and verbal communication skills, with the ability to effectively convey technical information to both technical and non-technical audiences
· Demonstrated leadership skills, with the ability to mentor and guide junior analysts
Required Experience:
· Minimum of 10 years of hands-on experience in cybersecurity or related IT roles, with a focus on security operations, incident response, and risk management
· Extensive experience with security monitoring tools and incident response processes
· Deep understanding of compliance requirements and risk management frameworks such as NIST, ISO 27001, and HIPAA
· Experience in a leadership or mentorship role
Certifications (1 or more required):
· CISSP
· CompTIA Security+
· AWS Certified Security Specialty
· Microsoft Azure Security Technologies Certified
· Vendor certifications (e.g., Zscaler, CrowdStrike, Splunk)
· Certified Ethical Hacker (CEH)
· GIAC certifications (e.g., GSEC, GCIA, GCSH)
Banduri is committed to a diverse and inclusive workplace. Banduri is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.