Resp & Qualifications
The Lead Intrusion Analyst is responsible for analyzing various alerts and alarms within the CyberSecurity Infrastructure. This position is also responsible for review and appropriate disposition of security tickets generated from the enterprise. The incumbent will monitor data from various sources including firewalls, intrusion prevention systems and other security infrastructure components. The incumbent will research security events to determine severity and perform incident triage as necessary, while engaging appropriate CSIRT members to resolve the security incident.
PRINCIPAL ACCOUNTABILITIES: Under the direction of the Manager, CyberSecurity Operations, the incumbent is responsible for, but is not limited to, the following:
Duties And Responsibilities
Required Education and Experience:
Degree or equivalent experience: BA/BS or higher in CyberSecurity, Information Technology, Networking, Computer Science, MIS or related field
Years of experience: minimum 5 years of demonstrated work experience. (Additional experience may be substituted for educational requirement.)
Specialized training (preferred, but not required): Security Information and Event Management platforms such as ArcSight, QRadar or Nitro. Commercial or Open Source Intrusion Prevention Systems. Malware analysis tools. Linux or Unix administration. Forensic analysis and Penetration Testing.
Other requirements (preferred, but not required):
GCIA (GIAC Certified Intrusion Analyst), GCIH (GIAC Certified Incident Handler)
GPEN (GIAC Certified Penetration Tester)
OSCP (Offensive Security Certified Professional)
CISSP (Certified Information Systems Security Professional)
Forensic certifications highly desirable
Required Skills and Abilities:
Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to effectively communicate with both technical and non-technical individuals.
Incumbent must have a firm understanding of Information and/or Cyber Security principles. The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.
• Hands-on experience with Sourcefire/Cisco IPS, Snort, Suricata or similar
• Ability to write IPS signatures for Sourcefire/Snort IPS
• Thorough understanding of networking at the packet level
• Familiarity with Wireshark/Tshark, tcpdump, and BPF filters
• Understanding of binary protocols such as DCE/RPC2
• Understanding of anomaly-based detection schemes
• Experience with advanced malware defenses (FireEye, FireAMP, etc.)
• OSINT collection and analysis
• Familiarity with one or more popular scripting languages (Perl, Python, Ruby, PowerShell), preferably Python.
• Familiarity with Bro NSM or similar
• Knowledge of standard incident response frameworks
• Vulnerability triage and assessment
• Basic/intermediate level malware reverse engineering (binaries, malicious documents, etc.)
• Exploit development experience
• Write complex queries and triggers for QRadar, Sourcefire/Cisco (correlation rules), etc. in order to automate alerting
• Experience deploying, maintaining and monitoring honeypots and honeynets
• Active defense and cyber deception
• Understanding of APT attack patterns and methodologies
• Familiarity with QRadar, Splunk or other SIEM
• Experience with database security such as Guardium, Imperva or native Oracle tools.
• Familiarity with commercial Network-Based Anomaly Detection systems (Stealthwatch, etc)
• Familiarity with advanced malware protection (FireEye, FireAMP, etc.)
• Tune and configure sensor policies
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Please apply before: 12/9/2020
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship