Incident Detection Analyst

Description Tyto Athene is searching for an Incident Detection Analyst to support our customer in Washington, DC. Responsibilities Accurately review, annotate, and resolve security incidents tasked by the Intrusion Detection Team, Watch Officer, SOC management or other SOC teams 24 hours a day, 7 days a week, which is subject to change based on AOUSC needs. Conduct Incident Triage to prioritize newly identified security incidents for follow‑on action. Identify all relevant data sources for initial collection to determine prioritization and resource application based on the criticality of the incident and conduct immediate actions to evaluate and contain threats as necessary in accordance with the Judiciary Security Operations Center Incident Response Plan (JSOCIRP), Incident Response Operations Guide, and any other published SOC operations guides and manuals. Please see SLA SOC3. Perform deep dive analysis (manual and automated) of malicious links and files. Ensure efficient configuration and content tuning of shared SOC security tools to eliminate or significantly reduce false alert events. Provide Executive Summary in accordance to IDT Operations Guide. Provide 5W briefing slides for each event for leadership briefing. Provide on‑demand time/trend/event based metric reports for SOC management. Provide clear and actionable event notifications to customers. Notifications to customers will be clear and provide sufficient detail for a mid‑level system or network administrator to understand what has occurred and what needs to take place to remediate the event. Coordinate and provide direct support to local incident responders at the circuit, local court unit and program office levels. Provide notifications, guidance and end‑to‑end incident response support to local incident responders to ensure that the appropriate actions are properly taken to detect, contain, eradicate and recover from identified security incidents. Coordinate with various other SOC teams to leverage the appropriate resources to enable local incident responders. Participate in course of action (COA) development and execution as necessary. Document all communications and actions taken in response to assigned incidents in the SOC ticketing system. Ensure tickets are properly updated in a timely manner and all artifacts are included. Escalate any concerns or requests through the Contractor management as necessary. Directly support the Judiciary Special Tactics and Active Response (JSTAR) team and provide incident response support for critical security incidents as they arise. Perform appropriate event escalation for events, notifications, and non‑responsiveness from customers. Contractors shall track all notifications in the SOC ticketing system and escalate tickets to Watch Officers or SOC management in cases where the customer is non‑responsive or requires clarification that is outside the scope of normal operations. Contractors will be familiar with the JSOCIRP escalation and reporting procedures. Continuously review and update the Incident Handlers (IH) Guide and provide recommendations for annual updates for the JSOCIRP. All SOPs and Op Guides are federal government property. Contract staff provide recommendations in draft form for federal management review, approval and adoption. Incident Responders must be able to perform the tasks and meet the skills, knowledge and abilities as described in NIST Special Publication 800‑181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework for the role of Cyber Defense Incident Responder. Qualifications Required 6 years of security intrusion detection examination experience involving a range of security technologies that produce logging data; to include wide area networks, host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs. Ability to communicate clearly both orally and in writing. Working experience with Splunk SIEM. At least three years of experience working at a senior level, performing analytics examination of logs and console events and creating advanced queries methods in Splunk or advanced Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments. Education/Certifications Bachelor's degree in information systems, Computer Science or related field is preferred. Splunk Fundamentals I & II certification. Clearance Public Trust Hours of Operation/Shift Monday‑Friday 3PM EST – 11:30PM EST Compensation Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above‑stated range. Benefits Health/Dental/Vision 401(k) match Paid Time Off STD/LTD/Life Insurance Referral Bonuses Professional development reimbursement Parental leave Equal Opportunity Statement Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any characteristic protected by applicable law. #J-18808-Ljbffr 6AM City, LLC