Seeking experienced security incident response operations analysts to protect the confidentiality, integrity, and availability of internal and customer-facing networks and to safeguard vital information from cyber adversaries. This position involves cybersecurity incident response threat validation and reporting; incident and threat coordination and communication; participation in cyber analysis growth and improvement initiatives and advisory boards; extensive writing and briefing; and developing reports and risk assessments for government programs.
Required Skills, Certification, Experience, and Education:
The ideal candidate must be a self-starter, customer-focused team player able to coordinate and collaborate on multiple issues simultaneously with many stakeholders. Candidates must have relevant networking experience (e.g. TCP/IP stack, DNS, BGP, network metadata, IDS/IPS) and be able to serve as a Subject Matter Expert in security event identification, known threat validation and analysis, and network vulnerability analysis and reporting.

Responsibilities: Supports, trains, and tasks Tier 2 incident response analysts as needed. Investigates SIEM-based and non-SIEM-based anomalies affecting customer and AT&T systems for which no policy, rule, or procedure yet exists. Coordinates with other network and security teams to mitigate and isolate active threats against AT&T systems. Develops new SIEM rules and IDS/IPS signatures to alert on and/or block future cyber threats. Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics, and malware reverse engineering, as well as the functioning of specific applications and the underlying IT infrastructure. Acts as an incident "hunter" rather than waiting for escalated incidents, and is closely involved in developing, tuning, and implementing threat detection analytics.

Candidates must have expertise in security information and event management tools (HP ArcSight, Splunk, OSSIM, etc.); collecting and analyzing host-based (Windows and Linux) and network-based data; using Computer Network Defense or forensic tools; gathering and interpreting information; performing Internet research; identifying mitigation strategies; and effectively communicating results. A minimum of 10 years of relevant cybersecurity experience is required. Must be flexible with work hours and willing to work shifts when required to meet mission needs. DLP, web proxy, and IDS/IPS experience preferred. Hands-on experience with Splunk is highly desirable.
Required Clearance: Must have and be able to maintain a Secret clearance
Desired candidates should be methodical and prolific writers with acute attention to detail, with a minimum of 3-7 years of security incident handling expertise within a security operations center. The role develops and implements advanced cyber defense solutions and changes for the organization, safeguards the corporate infrastructure from infiltration and exfiltration, and ensures that systems are built to specification and deployed successfully. It designs, maintains, and operates highly complex and highly secure communications network environments; performs in-depth network security analysis; conducts preliminary incident response, event analysis, and threat intelligence; and reviews security events that could be detrimental to the organization's overall security posture.
A DoD 8570 IAT Level II or higher certification is required within the first 6 months of hire, e.g. GSEC, Security+ CE, SSCP, GCIH, CISA, CISSP (or Associate), or GCED.
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V