Cyber Threat Analyst Associate

Summary: GDIT is a global technology and professional services company that delivers consulting, technology, and mission services across the U.S. government. As a Cyber Threat Analyst Associate, you will be responsible for monitoring, triaging, and communicating security events within the Security Operations Center (SOC), utilizing advanced tools to identify and respond to cyber threats. Responsibilities: - Provides technical support on post event network security logs and trend analysis to uncover security and compliance violations - Detects the full spectrum of known cyberattacks (e.g., DDoS, malware, phishing, others) - Pinpoints location of compromised systems and devices, and conducts cyber incident and event monitoring identifying anomalous and malicious activity - Correlates events from the various components in the IT security infrastructure and identifies attacks and breaches - Associates and correlates IP address related events with specific systems or devices in the IT infrastructure - Identifies and analyzes intelligence information about threats to customer’s information processing systems - Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough triage of events utilizing relevant event detail and summary information - Ensure the integrity and protection of networks, systems, and applications through monitoring of security devices. React to customers escalations - Observes and documents actions taken by malicious actors in customer networks and contribute to content creation - Experience working within a wide range of environments to include Linux, UNIX, Windows in addition to a strong understanding of networking, the OSI model, and TCP/IP protocols - Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations Required Qualifications: - 0+ years related experience - Knowledge of information security event monitoring and detection and NID monitoring and incident response; Cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks); Attack methods and techniques (e.g., DDoS, brute force, spoofing, etc.) - Knowledge of IPS/IDS, managing cases with enterprise SIEM systems (e.g. Sentinel One, Splunk) and other network security tools - Familiarity with Federal and DoD security standards such as NIST, DCID, CNSS and DoD 8500 - Exposure to Windows and Linux OS to include knowledge of the command line interface - Knowledge of IDS/IPS, penetration and vulnerability testing, DLP, anti-virus and anti-malware, TCP/IP, computer networking, routing and switching - Understanding of computer networking fundamentals, network traffic analysis methods, and ability to review and analyze network packet captures - Understanding of e-mail security fundamentals - Technical Training, Certification, or Degree Required Skills: Security Incident Response, Information Technology Security, SIEM, IDS/IPS, Penetration Testing, Vulnerability Testing, TCP/IP, Network Security, Network Traffic Analysis, Malware Analysis, DDoS Mitigation, Windows OS, Linux OS, OSI Model, Email Security, NIST Standards, DoD Security Standards, Network Packet Capture Analysis Benefits: A variety of medical plan options, some with Health Savings Accounts, Dental plan options, A vision plan, A 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match, Full flex work weeks where possible, A variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave, Short and long-term disability benefits, Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance