Senior Cyber Watch Analyst

  • Tyto Athene, LLC
Job Summary
Location
Arlington, VA 22201
Job Type
Contract
Visa
Any Valid Visa
Salary
PayRate
Qualification
BCA
Experience
2 Years - 10 Years
Posted
23 Jan 2025
Job Description

Tyto Athene is searching for a Senior Cyber Watch Analyst to support our customer in Arlington, Virginia.



Responsibilities:

  • Utilize security tools to analyze, investigate, and triage security alerts
  • Coordinate the monitoring of our customers' environments, including cloud and SaaS solutions, for evidence of adversarial activity
  • Lead cross-functional teams to perform in-depth analysis and investigation of high-priority cybersecurity incidents
  • Utilize advanced tools, such as digital forensics or malware analysis capabilities, to identify incidents’ root causes, scope, and impact
  • Collaborate with cyber threat hunting and cyber threat intelligence teams
  • Conduct post-incident analysis and lessons learned to identify improvement opportunities
  • Develop or tune detection rules or signatures to improve the effectiveness of security monitoring and collaborate with engineering teams to implement them
  • Accurately document triage findings, and intake reports of external cybersecurity events from SOC customers via phone or email in the SOC's Incident Management System (IMS)
  • Learn new open and closed-source investigative techniques
  • Perform research on emerging threats and vulnerabilities to aid their prevention and mitigation
  • Assist in developing and implementing initiatives that will enhance the SOC’s performance (e.g., SOPs, playbooks, capability deployments)
  • Escalate SOC performance issues or risks to management
  • Provide guidance and mentorship to Tier 1 and Tier 2 SOC Analysts to enhance their skills and capabilities



Required:

  • Bachelor’s degree in Computer Science, Information Technology, or related field and 10 years of relevant experience, or a Master’s degree and 6 years.
  • Experience in some of the following tools and technologies: EDR and SIEM
  • The ability to take the lead on incident research and mentor junior analysts
  • Understanding of MITRE ATT&CK and D3FEND
  • Knowledge of advanced attacker tools, techniques, and procedures (TTPs)
  • Current malware campaign TTPs
  • Experience with malware analysis
  • Experience with digital forensics tools and case procedures
  • Knowledge of enterprise architecture including zero trust principles
  • Knowledge of Windows and Linux file systems
  • Common phishing techniques and how to investigate them
  • Proficiency in technical writing
  • Experience in customer service or client-facing roles
  • Experience presenting and speaking to leadership
  • The ability to mentor Tier 1 and Tier 2 analysts



Desired:

  • Previous SOC or incident response experience
  • Working knowledge of regex and scripting languages is highly preferred
  • Additional relevant certifications such as those from GIAC or CompTIA
  • Experience with major cloud service provider offerings
  • Knowledge of offensive security tools and techniques
  • Experience with cyber threat intelligence gathering and analysis
  • Experience with cyber threat hunting



Clearance: Active Secret Clearance required



Certification: DoD 8570 IAM/IAT Level II certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.



Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.
