Senior Cyber Security Intrusion Analyst

CareFirst BlueCross BlueShield - Owings Mills, MD3.9

Full-timeEstimated: $89,000 - $120,000 a year
Resp & Qualifications

The Senior Cyber Security Intrusion Analyst leads cloud security event monitoring and correlation within the Cybersecurity Operations Center. The selected candidate should have proven experience and the ability to leverage computer network defense (CND) analyst toolsets to detect and respond to Cyber security incidents. This role conducts research and documents threats and their behavior; provides recommendations for threat mitigation strategies; employs effective web, email, and telephonic communications to clearly manage security incident response procedures; and performs routine event reporting including trend reporting and analysis.

PRINCIPLE ACCOUNTABILITIES: Under the direction of the Manager, CyberSecurity Monitoring, Digital Forensics and Incident Response, the incumbent is responsible for, but is not limited to, the following:

Duties and Responsibilities:
Dedicated monitoring and analysis of Cyber security events.
Audit and review system reports and security logs for unauthorized access, noncompliant activity, or access misuse.
Monitor and escalate incoming security requests and events of interest from different external and internal sources.
Develop use-cases for monitoring various aspects of security infrastructure and applications.
Clearly and accurately document observations. Process incident communications to include initial reporting, follow-ups, requests for information and resolution activity.
Follow standard operating procedures for detecting, classifying, and reporting incidents.
Triage (determine scope, severity and priority) of offenses and events in Security Information and Event Management (SIEM) tool or within other security monitoring tools directly.
Research vulnerabilities in applications and systems. Provide recommendations for resolution and track remediation activities.
Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting the customer's networks
Monitor mailboxes to detect and analyze phishing attacks as well as any suspicious outbound messages.
Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, Anti-malware alerts, Host Intrusion Prevent System (HIPS), and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.


Required Education and Experience: Degree or equivalent experience: BA/BS in Information Technology, CyberSecurity, Networking, Security, MIS, Computer Science or related field

Years of experience: minimum 5 years of demonstrated work experience. (Additional experience may be substituted for educational requirement.)

Along with the basic qualifications, the candidate will need to have experience in the following areas:

Cloud Security, Computing and Storage
E-mail security, DLP, ATP, SEP, McAfee
Cybersecurity threat detection, monitoring and reporting
Incident Response
Vulnerability Management
Cyber Intelligence and Threat Hunting
Specialized training (preferred, but not required): Transitioning, maintaining, or using security technologies such as Security Incident and Event Management (SIEM), Endpoint protection, Data Loss Prevention, Forensic tools, Network Anomaly Detection, Packet Capture Analysis; Incident response principles or related technical domain that is applied in the context of a broader understanding of CSIRT and related systems and processes.

Certification requirements (preferred, but not required):
GCIA (GIAC Certified Intrusion Analyst)
GCIH (GIAC Certified Incident Handler) Or the ability to obtain one certification within 6 months
AWS Certified Security

Required Skills and Abilities:
Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to effectively communicate.

Incumbent must have a firm understanding of Information and/or Cyber Security principles. Must be able to adapt quickly to understand rapidly changing threat landscape in order to correctly scope and prioritize security events. The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.

Experience preventing, detecting, analyzing and responding to threats against sensitive information.
Experience triaging security, network and endpoint forensic analysis, threat hunting and vulnerability escalation.
Experience with security monitoring and reporting tools and conducting security investigations of incidents and events.
Experience with scripting, automation and/or programming: Python, Powershell, Ansible, other orchestration tools, or equivalent.
Experience with the usage of the following tool: FireEye, Carbon Black, ArcSight, Symantec Endpoint Protection, Symantec Data Loss Prevention, EnCase or similar Network Security Monitoring, Endpoint Detection and Response tools.
Experience with using critical thinking and analytical skills to develop enhanced work flows and use cases for next generation platforms and cloud technology.
Experience with the ability to analyze large data sets and log files to find correlations and anomalies.
Experience with designing and developing data acquisition pipelines; use of Kafka, ELK, SPLUNK and Big Data solutions highly preferential.
Ability to utilize native cloud security tools in AWS and Azure to design and implement continuous monitoring solutions.
Must have the ability to script in multiple languages include Python and AWS.

Cloud Security Detection and Response
SOAR technology
ELK stack
Hands-on experience in a hybrid (AWS/Azure) cloud environment developing and implementing security monitoring solutions.


Department: InfoSec-Cyber Security Intelligence

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 11/20/2019

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship