Watch Floor Cybersecurity Analyst - SME

Job Description:

TMC Technologies is in search of a SME-level Cybersecurity Analyst to join the FBI's ESOC Watch Floor Operations Team, playing a crucial role in the FBI's cybersecurity defense strategy. Operating around the clock, 24/7, 365 days a year, this dynamic team ensures the timely detection and resolution of potential security incidents, thereby minimizing the impact of cyber threats on the organization. The watch floor team is responsible for actively detecting, monitoring, preventing, and analyzing real-time cybersecurity information, events, and threats. The candidate must be a US citizen and possess a minimum of an active Top Secret clearance with Sensitive Compartmented Information (SCI) eligibility to start due to federal contract requirements. This position is in support of a contract bid opportunity with expected award in mid-June 2025.

The Watch Floor Cybersecurity Analyst - SME will have the following responsibilities:

• Conduct continuous monitoring of security alerts and events from various sources, such as security tools, logs, and sensors.
• Analyze the data to identify potential security incidents or anomalies.

- Detect and identify security incidents and breaches in real- me or near-real-time.

• Utilize security information on and event management (SIEM) systems to correlate data and detect patterns indicative of malicious activity.
• Prioritize, and triage security alerts based on their severity and potential impact.
• Determine whether an alert requires immediate attention and response.
• Initiate incident response procedures for confirmed security incidents.
• Coordinate and collaborate with incident response teams to contain, eradicate, and recover from security breaches.
• Communication on with relevant stakeholders, including IT teams, management, and external partners.
• Collaborate with different teams to share information and coordinate response efforts.
• Integrate threat intelligence feeds to enhance the Security Operations Center’s (SOC) understanding of current and emerging threats.
• Leverage threat intelligence to defend against potential attacks proactively.
• Generate reports on security incidents, including their nature, scope, and impact and disseminate upon approval for release.
• Possess in-depth knowledge of cybersecurity principles, practices, and frameworks, including Incident Response Frameworks, Executive Orders and National Cybersecurity Strategies, CIS Controls, ISO/IEC 27001, NIST Cybersecurity Framework and Federal Information Security Management Act (FISMA), to guide SOC operations.
• Exhibit comprehensive familiarity with various security technologies, including firewalls, IDS/IPS, endpoint protection, and advanced threat detection tools.
• Possess expert knowledge of network protocols, opera ng systems, and application security to effectively analyze and respond to emerging threats.
• Maintain a robust understanding of current and emerging cybersecurity threats, vulnerabilities, and trends, leveraging this knowledge to inform proactive defense strategies.
• Have significant experience managing and responding to security incidents, including expertise in incident response frameworks, methodologies, and best practices.
• Demonstrate thorough knowledge of compliance requirements and regulations relevant to cybersecurity, such as GDPR, HIPAA, and PCI DSS, ensuring adherence to industry standards.
• Possess familiarity with various threat intelligence sources and the ability to integrate and operationalize threat intelligence within security operations.
• Have a strong understanding of security awareness training techniques, effectively educating staff on best practices and threat awareness.
• Exhibit a commitment to ethical conduct and maintaining the confidentiality, integrity, and availability of organizational data.
• Understand the principles of risk management and vulnerability assessment to identify and mitigate potential security risks effectively.
• Have extensive experience in conducting digital forensics and malware analysis, taking a lead role in investigations of complex security incidents.

• US Citizenship and active Top Secret clearance with SCI eligibility required
• Minimum of 10 years of relevant experience required
• Experience with scripting languages (Python, PowerShell, etc) required
• Bachelor’s Degree preferred
• Experience with security information and event management (SIEM) systems required
• Splunk Enterprise Security Certification required
• Preferred certifications include:

GIAC Continuous Monitoring Certification (GMON)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Network Forensic Analyst (GNFA)
GIAC Cloud Threat Detection (GCTD)
GIAC Cloud Forensics Responder (GCFR)
Microsoft Sentinel