Key Facts

Remote From:

Illinois (USA)

Full time

12 - 12K yearly

English

Hard Skills

Other Skills

•
Teamwork
•
Persuasive Communication
•
Analytical Thinking
•
Detail Oriented
•
Problem Solving

Roles & Responsibilities

7+ years of experience with security operations, threat hunting, and incident response
Experience analyzing alerts from Cloud, SIEM, EDR, and XDR tools and alert tuning (prefers SentinelOne, Armis, and Splunk)
Experience with AI/ML-based security tools and configuring/implementing SOAR use cases
One or more certifications: CISSP, CISA, CISM, GIAC, or RHCE

Requirements:

Perform triage on security escalations and detections to determine scope, severity, and root cause
Monitor security events, detect incidents, and investigate incidents
Identify, develop, and implement automation use cases leveraging AI/ML capabilities
Support deploying, configuring, testing, and maintaining SOAR platforms and tools integrated with AI/ML to enhance threat detection, analysis and response

PlanIT Group, LLC

About PlanIT Group, LLC

PlanIT Group is an IT and engineering professional services company which provides top-tier talent to various commercial and government customers. We also provide systems and IT infrastructure integration which allows us to bring the talent and manage the implementation. At PlanIT Group, we pride ourselves on being extremely agile, innovative, and forward thinking. At PlanIT Group, we specialize in sourcing and matching skilled professionals to meet the dynamic demands of the digital landscape. With a focus on precision and expertise, we connect companies with the right individuals, driving innovation, and success in the ever-evolving world of technology. Our customers engage us to create solutions to complex mission challenges, and PlanIT delivers. Innovation. Integration. Integrity.

Founded: 2018

Company size: 51 - 200

Website LinkedIn See all jobs →

Job description

Cyber Threat Analyst III (Remote)

Requirements
Key Responsibilities
1. Responsible for performing triage on all security escalations and detections to determine scope, severity, and root cause.
2. Monitor cyber security events, detecting incidents, and investigating incidents.
3. Identify, recommend strategies, develop, and implement automation use cases leveraging AI/ML capabilities.
4. Support deploying, configuring, testing, and maintaining Security Orchestration, Automation, and Response (SOAR) platform, and tools integrated with AI/ML capabilities to enhance threat detection, analysis and response.
5. Provide support to contract Program Manager, as necessary.
6. Effectively communicates technical information to non-technical audiences.
7. Influence others to comply with policies and conform to standards and best practices.

Qualification Requirements:
• 7+ years of experience with security operations, threat hunting, and incident response
• Experience in analyzing alerts from Cloud, SIEM, EDR, and XDR tools, and alerts tuning process with preference on SentinelOne, Armis, and Splunk.
• Experience in configuring network devices and analyzing network traffic
• Experience with Artificial Intelligence and Machine Learning (AI/ML) based security tools.
• Experience in researching, developing, and implementing SOAR use cases.
• Familiar with Security Orchestration, Automation, and Response (SOAR) platform
• Familiarity with cybersecurity operation center functions.
• Experience configuring and re-configuring security tools, including SenintelOne and Splunk.
• Experience implementing Security frameworks, such as MITRE Telecommunication&CK and NIST, and can interpret use cases into actionable monitoring solutions.
• MUST have one or more of the following Certification(s): CISSP, CISA, CISM, GIAC, RHCE.

Strong working knowledge of:
• Develop, test and Implement dynamic Risk-Based Alerting (RBA)
• Identifying and developing RBA and identifying use cases for SOAR and AI/ML.
• Monitor and analyze alerts from various sources such as IDS/IPS, Splunk, Tanium, MS Defender, SentinelOne and Cloud security tools leveraging SOAR and AI/ML capabilities, and provide recommendation for further tuning of these alerts when necessary.
• Analyze network traffic utilizing available tools and provide recommendations
• Perform vulnerability assessments of recently discovered CVEs against US Government Client systems and network.
• Assist in the process of configuring or re-configuring the security tools.
• Perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, UNIX, Linux, as well as embedded systems and mainframes.
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements

Education/Overall experience:
o A minimum of eight (8) to twelve (12) years' relevant experience.
o A degree from an accredited College/University in the applicable field of services is required. If the individual's degree is not in the applicable field then four additional years of related experience is required.

Additional Provisions:
• Pass a client mandated clearance process to include drug screening, criminal history check and credit check.
• Once candidate's resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
• All candidates must be a US Citizen or permanent status Green Card holder.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)