Senior Information Security Analyst

Blu Omega is looking for a Senior Information Security Analyst - Forensic to join our team. In this role, you will be conducting adversarial assessments and penetration testing to identify vulnerabilities and enhance system security. You will be responsible for developing comprehensive technical documentation to detail findings from penetration testing events, as well as preparing briefing materials for the CSPO. Additionally, you will assist in planning and executing adversarial (penetration) testing and provide recommendations for effective mitigation strategies.

• This position requires an active DoD Secret clearance (or above) as a precondition of employment.
• Candidates must be willing to work onsite five days per week in Port Hueneme, CA.

Responsibilities:

• Assist in establishing and managing a Security Operations Center (SOC) for incident response and threat hunting.
• Provide oversight and guidance to junior analysts, assisting in prioritization and milestone tracking.
• Manage the SIEM platform, monitor security alerts, and coordinate vulnerability assessments.
• Evaluate network structures, identify security risks, and recommend solutions based on best practices.
• Analyze network traffic and system logs to identify malicious activity, vulnerabilities, and exploit methods.
• Conduct forensic analysis on Windows/Linux clients, servers, and control operating systems.
• Research and integrate new security tools, synthesize findings into technical and non-technical reports.

Qualifications:

• 5 years of experience in security operations, with leadership in customer-facing roles.
• Strong expertise in host/network forensics tools (e.g., MAGNET, EnCase, Sleuthkit, FTK).
• In-depth knowledge of evidence handling, particularly in DoD environments.
• Ability to collect artifacts to ensure optimal case outcomes.
• Proficient in cyber-attack analysis, including understanding attack classifications, stages, and system vulnerabilities.
• Extensive knowledge of network protocols (TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB) and tools such as Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, and Security Center.
• Expertise in attack reconstruction using network traffic, integrating Threat Intelligence, and familiarity with the MITRE ATT&CK framework.
• Ability to collaborate across multiple locations.

Nice to Haves:

• Knowledge of Operational Technology (OT) and Industrial Control Systems (ICS).
• Strong analytical and troubleshooting skills.
• Proficient in MAGNET forensics software.
• Experience developing expert content in Splunk Enterprise Security.
• Knowledge of emerging threats and attack vectors to develop continuous monitoring rules.
• Familiarity with tools like Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, and SCADA systems.
• Ability to review logs and apply use cases to accelerate data model development.

Certifications:

• Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant certifications.
• Other relevant certifications include DoD 8570 CSSP, IAT Level II, CHFI, CySA , GIAC (e.g., GNFA, GCIA, GCIH).

Education:

• College degree preferred, not required.
• Cyber Security workforce standards under DoD 8140 should be met through education, experience, or certifications.