T1 AS&W Analyst – Night Back

The Department of Homeland Security (DHS) Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent identify contain and eradicate cyber threats to CBP networks through monitoring intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN) commercial Internet connection public facing websites wireless mobile/cellular various cloud environments security devices servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems and collects investigates and reports any suspected and confirmed security violations.

Primary Responsibilities:

Shift schedule: 7pm-7am Thursday-Saturday every other Wednesday.

• Conduct log analysis and triage in support of incident response.

• Recognize attacker and APT activity tactics and procedures as indicators of compromise (IOCs) that can be used to improve monitoring analysis and incident response.

• Develop and build security content scripts tools or methods to enhance the incident investigation processes.

• Work with key stakeholders to implement remediation plans in response to incidents.

• Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff and leadership.

• Flexible and adaptable self-starter with strong relationship-building skills

• Strong problem-solving abilities with an analytic and qualitative eye for reasoning

• Ability to independently prioritize and complete multiple tasks with little to no supervision

• Emphasis on ability to succinctly and accurately capture technical details and summarize findings for less technical audiences.

Basic Qualifications:

• Bachelors degree in Computer Science Engineering Information Technology Cyber Security or related field.

• Minimum of two years of professional experience in incident detection response and remediation.

• Minimum of one (1) but two (2) preferred years of specialized experience in one or more of the following areas:

• Email security

• Digital media forensic

• Monitoring and detection

• Incident Response

• Vulnerability assessment and pen test

• Cyber intelligence analysis

• Extensive experience analyzing and synthesizing information with other relevant data sources providing guidance and mentorship to others in cyber threat analysis and operations

• Evaluating interpreting and integrating all sources of information and fusing computer network attack analyses with counterintelligence and law enforcement investigations.

• Experience with aggregating and creating daily weekly and monthly reports with emphasis on communication skills to accurately convey technical concepts to various audiences.

• Must be a US Citizen.

Required certifications:

The candidate should have at minimum ONE of the following certifications:

• CompTIA Advanced Security Practitioner

• (CASP)

• CompTIA Cloud

• CompTIA Network

• CompTIA Security

• CompTIA Linux

• CompTIA Cyber Security Analyst (CySA)

• CompTIA Linux Network Professional (CLNP)

• CompTIA Pentest

• CompTIA A

• CompTIA Cybersecurity Analyst (CySA)

• CompTIA Server

• GSEC Security Essentials

• GCIH Incident Handler

• GCIA Intrusion Analyst

• GCFA Forensic Analyst

• GPEN Penetration

• GWAPT Web Application Penetration Tester

• GCFE Forensic Examiner

• CEH Certified Ethical Hacker

• CHFI Computer Hacking Forensic Investigator

• CSA EC Council Certified SOC Analyst (Previously ECSA EC-Council Certified Security Analyst)

• ECIH EC-Council Certified Incident Handler

• CNDA Certified Network Defense Architect

Preferred Qualifications:

• Ability to coordinate and communicate well with team leads and government personnel

• Provide weekly status reports and requested documentation

• Experience in cyber government and/or federal law enforcement

• Experience with the Cyber Kill Chain and MITRE ATT&CK framework

Clearance:

All Department of Homeland Security CBP SOC employees are required to favorably pass a 5-year (BI) Background Investigation