Job Details

ID #15415625
State Maryland
City Crownsville
Job type Permanent
Salary USD TBD TBD
Source DMI
Showed 2021-06-13
Date 2021-06-11
Deadline 2021-08-10
Category Security

Intrusion Analyst

Maryland, Crownsville, 21032 Crownsville USA

Vacancy expired!

About DMI

DMI (Digital Management, LLC.) is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise-grade solutions since 2002 for over a hundred Fortune 1000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,000+ employees globally and has been continually recognized by top industry analysts as a market leader as well as a Top Place to Work by the Washington Post.

About the Opportunity

DMI (Digital Management, LLC.) is looking for an Intrusion Analyst. The role will work closely with Government counterparts to provide cybersecurity intrusion analysis and network defense; support cybersecurity incident response, mitigation, analysis, and information dissemination; and provide Tier 3 analyst support and systems and network forensic investigation support for Security Operations Center (SOC) activities. The analyst will work as a technical leader within the State of Maryland DoIT SOC and be responsible for maintaining the integrity of cybersecurity-related analysis. This role will be responsible for performing the following tasks:

Primary Duties and Responsibilities:

  • Report to Director of Security Operations or his/her designee
  • Provide SOC Analyst Tier 3 escalation support
  • Train SOC analysts on usage of SIEM tools (Splunk), and basic event analysis
  • Develop rules and tune SIEM and related tools to streamline the event analysis done by the SOC
  • Assist in developing new processes and procedures for SOC monitoring
  • Monitor networks for threats from external and internal sources
  • Analyze network traffic of compromised systems and networks
  • Correlate actionable security events from various sources
  • Review threat data and develop custom signatures
  • Understand cybersecurity attacks and tactics, techniques, and procedures (TTPs) associated with advanced threats
  • Communicate clearly with Government counterparts, and SOC customers
  • Provide incident handling support during cybersecurity incident response efforts
  • Maintain current knowledge and skill of applicable incident response and intrusion analysis best practices and tools
  • Develop and implement operational and technical incident response processes, procedures, guidance, and standards
  • Ability to work outside of regular business hours; the role may require on-call support after regular business hours or on weekends.

Secondary Duties and Responsibilities:

  • Conduct malware analysis of attacker tools
  • Lead investigations for cybersecurity incidents
  • Perform forensic examinations on compromised systems
  • Understand and use forensic tools and techniques for cybersecurity incidents
  • Create forensic analysis, and root cause reports
  • Contribute to technical briefings on the details of exams and report

Qualifications

Education and Years of Experience:

The proposed candidate must have:
  • Bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline and 4+ years of experience. Associate degree and/or cyber courses/certifications or 5 years of experience in directly related fields may be substituted in lieu of bachelor's degree
  • Demonstrated working knowledge of cyber forensics tools and techniques
  • Practical experience in malware analysis

Required Skills/Certifications:
  • At least one security management industry certification, such as CISSP, CISM, CISA, CRISC, etc.
  • Self-starter, able to gather requirements, plan, execute system deployment efforts.
  • Able to conduct vulnerability assessments of technical security controls, identify and validate findings, research resolutions, and provide remediation/mitigation recommendations.
  • LAN administration experience, particularly with Windows OS and Linux OS.
  • Experience with vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect, etc.
  • Experience with Governance, Risk, and Compliance (GRC) platforms such as RSA Archer, ServiceNow GRC, CSAM
  • Customer-oriented with excellent issue follow-through and resolution abilities.
  • Excellent written and oral communication, and presentation skills.
  • Ability to effectively work both autonomously as well as on a team.
  • Outstanding interpersonal skills, strong work ethic, and self-motivated.
  • Utilize tools and analytical skills to plan and execute technical changes.

Desired Skills/Certifications:

  • Hands-on experience with system forensics analysis tools (Encase, FTK, X-Ways, Sleuthkit or other)
  • Hands-on experience with SIEM - Splunk Enterprise Security is preferred
  • Hands-on experience with PCAP analysis / forensics tools - Wireshark, TCP Dump, Network Miner or other
  • Hands-on experience with malware Analysis - Miscellaneous dynamic & static analysis tools (IDA Pro, Ghidra, OllyDBG, WinHex, Volatility, HexEdit, HexDump)
  • Hands-on experience with Endpoint Detection & Response solutions - Tanium Threat Response, McAfee or other
  • Hands-on experience with malware anti-forensics, obfuscation, packing techniques
  • Hands-on experience analyzing operating system components, i.e., memory, file systems, registry
  • Hands-on experience with Custom Signature Creation - YARA
  • Scripting/Programming experience - Python, Perl, C, C, Go
  • Other relevant industry certifications such as GIAC Reverse Engineering Malware (GREM), Certified Ethical Hacker (CEH), Certified Computer Forensics Examiner (CCFE), Certified Reverse Engineering Analyst (CREA) etc.

Min. Citizenship Status Required: U.S. Citizenship.

Location: Crownsville, MD

Physical Requirements: N/A

Working at DMI

DMI is a diverse, prosperous and rewarding place to work. Being part of the DMI family means we care about your wellbeing. As such, we offer a variety of perks and benefits that help meet various interests and needs, while still having the opportunity to work directly with a number of our award-winning, Fortune 1000 clients. The following categories make up your DMI wellbeing:
  • Community - Blood drives, volunteering opportunities, Holiday parties, summer picnics, Tech Chef, Octoberfest just to name a few ways DMI comes together as a community.
  • Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel and many other items to provide convenience.
  • Development - Annual performance management, continuing education and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development.
  • Financial - Generous 401k match for both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee.
  • Recognition - Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgement through Give-A-Wow, employee referral bonuses.
  • Wellness - Healthcare benefits, Wellness programs, Flu Shots, Biometric screenings, on-site lactation rooms provide employees with several wellness options.
Employees are valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company.

The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination on the basis of their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability. DMI maintains a drug-free workplace.

No Agencies Please

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.
