At Navy Federal, we are passionate about our members--they are our mission. We're looking for a talented, experienced information security professional to join our growing Cybersecurity Operations team as a senior threat analyst.
The Cybersecurity Operations Center is looking for a driven professional to help advance the program's strategic vision. You will also have the opportunity to work closely with the Focused Operations manager and lead the collaboration with other Information Security teams for adversary emulation and threat hunt operations.
• Maintain expert knowledge of advanced persistent threat tactics, techniques, and procedures (TTPs) as well as forensics and incident response practices
• Identify and hunt for emerging threat activity across all internal/external sources
• Lead development and implementation of test plans to perform adversary emulation for the purposes of threat hunt
• Conduct advanced analysis of network and endpoint alerts from various sources within the enterprise and determine possible causes of such alerts
• Drive the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave
• Lead coordination with intelligence analysts to correlate threat assessment data
• Conduct advanced analysis of log files, evidence, and other information to determine best methods for detection of a network intrusion
• Drive process to perform event correlation within the enterprise to identify security architecture gaps
• Conduct advanced examination of network topologies to understand how data flows through the network
• Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
• Lead process to perform tier 3 static malware analysis
• Establish standards, taxonomy, and processes for threat hunt and detections
• Perform other duties as assigned
Required:
• Advanced experience in cybersecurity and/or information technology (IT) security
• Advanced knowledge of security architectures, firewalls, proxies, and network topology required
• Advanced skill in developing and deploying signatures
• Advanced skill in using security event correlation tools
• Advanced skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort)
• Advanced skill in using virtual machines; setting up malware analysis workstation
• Outstanding communication skills for reporting complex technical situations to various audiences, including executive leadership and nontechnical staff
• Advanced research, analytical, and problem-solving skills
• Advanced skill working with all levels of management, supervisors, stakeholders and vendors
• Expert skill in collaborating with other teams on time-sensitive incidents
• Advanced skill in evaluating test plans for applicability and completeness
• Advanced skill in deep analysis of captured malicious code (e.g., malware forensics)
Preferred:
• Advanced skill in identifying gaps in technical capabilities
• Advanced skill in using binary analysis tools
• Advanced skill in relevant programming languages (e.g., C++, Python, etc.)
• Advanced skill in testing and evaluating tools for implementation
• Advanced experience with security tools related to enterprise log management, IDP/IDS, antivirus, firewalls, proxies, DLP, forensic analysis and SIEM
• CISSP, CISA, CCSP or other related Information Security certifications
• Advanced knowledge of IT security standards and frameworks (e.g., MITRE ATT&CK)
• Advanced skill in analyzing audit log events for cloud technologies to facilitate development of cyber defense detections
Hours: Flexible within core office hours of Monday - Friday, 7:00 AM to 6:00 PM Eastern
*Due to COVID-19 and social distancing, this position will be temporarily working from home with plans to return to campus at the desired location listed once Navy Federal is back to normal operations. The specific logistics for returning to campus will be determined at a future date by individual leadership*