Threat Management Specialist Tier 3

Castalia Systems
paid holidays, 401(k)
United States, North Carolina, Morrisville
Aug 12, 2025

Job Type: Full-Time; Shift: M-F, 7:00 AM - 4:00 PM

Workplace Type: Remote in the areas of Falls Church, VA or Morrisville, NC

Clearance: Ability to obtain a Public Trust clearance

Must be a U.S. Citizen

Benefits: Medical, dental, and vision coverage, 401k matching, generous PTO, paid holidays, professional training opportunities, and even pet insurance to ensure your furry friends are cared for too.

Job Summary

Castalia Systems is currently searching for a Threat Management Analyst Tier 3. Tier 3 Monitoring and Detection (MaD) Analysts identify cybersecurity events related to well-resourced, sophisticated adversaries that use multiple attack vectors, such as cyber, physical, and deception, to achieve their objectives. Responsibilities include, but are not limited to:

  • Advanced Persistent Threat (APT) procedures and systems support to respond to complex threat behaviors or indications that require experts to hunt for and characterize APT activity.
  • Malware containment, remediation, detection, and prevention, including analysis of artifacts observed on a network or in an operating system that indicate a computer intrusion with high confidence. This includes examining possibly malicious files, web pages, and network traffic to understand the nature of the threat and to provide information about the method of entry, the intent of the attack, and the impact of the incident.
  • Utilize Artificial Intelligence (AI) and Machine Learning (ML) based tools and techniques to detect anomalies, automate incident triage, and improve threat intelligence.
  • Collaborate with data scientists and engineering teams to integrate AI-driven detection mechanisms into existing security infrastructure.
  • Provide analysis on how to leverage Artificial Intelligence, Machine Learning, and SOAR capabilities to improve CSOC efficiency and accuracy.

Roles and Responsibilities

A qualified candidate will perform the following duties and responsibilities, which include but are not limited to:

  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises, and perform careful analysis of relevant event details and summary information
  • Identify security problems which may require mitigating controls
  • Identify adversary activity and movement within the USPS environment
  • Analyze network traffic to identify command and control (C2) communications
  • Analyze attachments and URLs for malicious code
  • Recommend detection and containment mechanisms for exploit and/or intrusion related attempts
  • Work with law enforcement if needed for handoff of investigations
  • Manage email security using Proofpoint, monitor for threats, and promptly respond to alerts/issues
  • Conduct packet analysis and recommend custom monitoring policies and signatures within network detection tools
  • Review and respond to security alerts and incidents across multiple platforms, including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud Security Command Center (SCC)
  • Perform log analysis, generate Indicators of Compromise (IOCs), and develop specialized searches to investigate security incidents diligently through Splunk Cloud, Splunk ES, and SentinelOne
  • Use SentinelOne Deep Visibility to respond to alerts and conduct thorough security assessments
  • Utilize AI/ML-based tools and techniques to detect anomalies, automate incident triage, and improve threat intelligence
  • Identify and support automation use cases, including the use of AI/ML to enhance SOC capabilities
  • Collaborate across Operations to provide SOC enhancement capabilities through the use of automation and AI

Required Qualifications

  • BA or BS in Computer Science, Information Technology or related field
  • 8-12 years of experience
  • Certifications such as GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), EC-Council Certified Incident Handler (ECIH); Certifications such as GIAC Reverse Engineering Malware (GREM) or similar
  • 3+ years' experience in IT Operations
  • 3+ years' experience in Incident Response Operations, malware analysis
  • Ability to assess security incidents promptly and effectively and communicate a course of action to respond to the security incident while mitigating risk and limiting impact
  • Strong working knowledge of:
    • Platform Security Basics
    • Threat Lifecycle Management
    • Incident and Crisis Management
    • Static binary analysis techniques
    • Live malware analysis techniques
    • Disassembly and reverse engineering
  • Preference for hands-on experience with Artificial Intelligence (AI) and Machine Learning (ML) techniques to enhance cybersecurity operations
  • Preference for experience working with SentinelOne, ServiceNow Incident Response (SIR), Splunk ES and SOAR, AWS, Azure, Okta, O365, Sourcefire, and Proofpoint
  • Advanced knowledge of APT detection and mitigation
  • Advanced knowledge of networking technologies and protocols, including Ethernet, TCP and IP routing, security architecture, and mobile technology
  • Experience investigating targeted intrusions through complex network segments
  • Familiarity with DMARC, DKIM, and SPF concepts
  • Familiarity with Azure/O365/Google Cloud integration
  • Strong understanding of IDS/IPS signatures, content creation, and signature characteristics, including both signature- and anomaly-based analysis and detection
  • Understanding of and experience with identifying and implementing automation use cases

Physical Requirements/Work Environment

  • Remote in the areas of Morrisville, NC or Falls Church, VA with possibility that some onsite work may be needed.
  • Shift: M-F; 7:00 AM - 4:00 PM
Travel

Less than 5%.

Company Description

Castalia Systems is a proven business partner providing mission critical solutions to the Federal Government. We provide cutting edge solutions from Securing and Managing Data to Systems Engineering and Development. Castalia Systems is a pioneer in Artificial Intelligence Design and Application.

With our vast knowledge of our customers' needs and relevant technology, our team is able to bring successful solutions to every mission. We stay ahead of our competitors by providing premium IT solutions and platforms built on cutting-edge technology, so the difference is evident when you compare us with anyone.

Disclaimer

Castalia Systems is an equal employment opportunity and affirmative action employer and strives to comply with all applicable laws prohibiting discrimination based on race, color, creed, sex, sexual orientation, age, national origin, or ancestry, physical or mental disability, veteran status, marital status, HIV-positive status, as well as any other category protected by federal, state, or local laws. All such discrimination is unlawful, and all persons involved in the operations of the company are prohibited from engaging in this type of conduct.
