Cyber Security Analyst

ECS is seeking a Cybersecurity Analyst (SME) to work in our Huntsville, AL office. Please note: This position is contingent upon contract award.

ECS is seeking a qualified Cybersecurity Analyst (SME) to support cybersecurity operations for the Federal Bureau of Investigation. You will provide leadership and cyber-SME support for the Security Operations Center (SOC) Watch floor Team, playing a crucial role in the FBI's cybersecurity defense strategy.

Operating around the clock, 24/7, 365 days a year, this dynamic team ensures the timely detection and resolution of potential security incidents, thereby minimizing the impact of cyber threats on the organization. The watch floor team is responsible for actively detecting, monitoring, preventing, and analyzing real-time cybersecurity information, events, and threats. Serving as the operational hub of the SOC, the watch floor plays a critical role in safeguarding the confidentiality, integrity, and availability of an organization's information assets.

Responsibilities

• Conduct continuous monitoring of security alerts and events from various sources, such as security tools, logs, and sensors.
• Analyze the data to identify potential security incidents or anomalies.
• Detect and identify security incidents and breaches in real-time or near-real-time.
• Utilize security information and event management (SIEM) systems to correlate data and detect patterns indicative of malicious activity.
• Prioritize, and triage security alerts based on their severity and potential impact.
• Determine whether an alert requires immediate attention and response.
• Initiate incident response procedures for confirmed security incidents.
• Coordinate and collaborate with incident response teams to contain, eradicate, and recover from security breaches.
• Maintain communication with relevant stakeholders, including IT teams, management, and external parties.
• Assist in developing and maintaining data ingestion configurations to collect and parse log and event data from various sources across the organization.
• Ensure that security-related data is appropriately formatted and ingested into the SIEM for analysis.
• Contribute to developing custom searches, correlations, and alerts to identify potential security incidents.
• Create and optimize queries and rules to detect suspicious activities or patterns in the data.
• Build content to monitor and analyze specific security events and incidents based on the organization's security policies and requirements.
• Collaborate with SOC analysts and other security stakeholders to understand the organization's security needs and translate them into actionable use cases.
• Help maintain playbooks and automated responses within the SIEM to support incident investigations.

• Must have a current Top-Secret Clearance with the capability of obtaining SCI / CI-Poly if needed to meet contract requirements
• Expert experience with Splunk Enterprise Security.
• Must currently live within commuting distance to Huntsville, AL or be willing to relocate.
• Ability to work independently and as part of a team.