Cyber Defense Analyst (Sr. SOC)

What You'll Do The Cyber Defense Analyst (Senior SOC) will investigate, analyze, and respond to cyber incidents within the Y12 network environment or enclave. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. Perform cyber defense incident triage, determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Perform real‑time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Track and document cyber defense incidents from initial detection through final resolution. Coordinate with intelligence analysts to correlate threat assessment data. Perform cyber defense trend analysis and reporting. Additional responsibilities as necessary. What You Can Expect Meaningful work and unique opportunities to support missions vital to national and global security. Top‑notch, dedicated colleagues. Generous pay and benefits with a stable organization. Career advancement and professional development programs. Work‑life balance fostered through flexible work options and wellness initiatives. Bachelor’s degree in engineering/science discipline – Minimum of 2 years of relevant experience. Master's degree in engineering/science discipline – No experience required. Ten or more years of relevant education, training and/or progressive experience may be considered to satisfy educational and years of experience for this posting. Preferred Job Requirements Knowledge of cyber threats and vulnerabilities, and what constitutes a network attack. Knowledge of cyber‑attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Knowledge of intrusion detection methodologies and techniques for detecting host and network‑based intrusions. Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense‑in‑depth). Ability to perform network traffic and packet‑level analysis. Ability to recognize and categorize types of vulnerabilities and associated attacks. Strong problem‑solving and communication skills (both orally and in writing). Ability to handle sensitive situations with discretion and maintain confidentiality. Knowledge of adversarial tactics, techniques, and procedures. Ability to apply techniques for detecting host and network‑based intrusions using intrusion detection technologies. Experience using security event correlation tools, analytics or SIEM correlation experience, skillset, or background. Experience protecting a network against malware (e.g., NIPS, anti‑malware, restrict/prevent external devices, spam filters). Knowledge of malware analysis concepts and methodologies. Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge of application security risks. Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list). Knowledge of network services and protocol interactions that provide network communications. Knowledge of cloud service models and how those models can limit incident response. Knowledge of incident response and handling methodologies. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Ability to conduct vulnerability scans and recognize vulnerabilities in security systems. Two years of relevant professional experience or five years of cyber incident response experience in an enterprise network environment. Eligibility & Clearance Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required. This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712), which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence‑scope polygraph examination. This position may be categorized as a “designated position” identified by 10 C.F.R. Part 709, requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence‑scope polygraph examination. Equal Opportunity Employment CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race, color, religion, sex, sexual orientation, national origin, protected veteran status or disability. #J-18808-Ljbffr Consolidated Nuclear Security