Job Details
Senior Cyber Defense Analyst
Candidates must be U.S. citizens and able to obtain and maintain a government clearance.
Z FEDERAL is seeking a full-time Cyber Defense Analyst to support our federal client. This role provides subject matter expertise across insider risk tool suite with 3+ years using Splunk.
Responsibilities Include but not limited to:
- Assist in maturing an Insider Risk Program's operational support, including the development of playbooks and workflows for monitoring against potential insider risks, developing detection use cases, and conducting incident analysis.
- Assist in maturing an Insider Risk Program's operational support, including the development of playbooks and workflows for monitoring against potential insider risks, developing detection use cases, and conducting incident analysis.
- Implement federal government and industry standards and best practices regarding insider risk programs, including development and maintenance of OCISO programmatic gap analyses and implementation roadmaps.
- Assist in the creation of Gap Analysis on current tool usage for the Insider Risk program and make recommendations based on industry best practices and client organization.
- Develop and maintain a convergence model for insider risk mitigation that reduces risk to client's personnel and assets.
- Develop and improve insider risk modeling that leverages Splunk User Behavior and Entity Analytics (UEBA), Data Loss Prevention (DLP), Splunk Enterprise Security (ES), Microsoft Purview, Machine Learning, and automated solutions in place.
- Develop and expand situational playbooks that leverage client's automated capabilities.
- Leverage excellent interpersonal skills to coordinate with client's business and technology leaders to develop and maintain programmatic solutions to insider risk.
- Lead and assist in the investigation of all incidents involving insider risk.
Minimum Qualifications- 2+ years of investigations work experience involving insider risk investigations, security incident response, technical investigations, intellectual property investigations, and/or financial fraud investigations
- 3-5+ years of experience in Splunk UEBA and/or Splunk Enterprise Security
- 7+ years of experience in Cyber Security domain
- Technical Splunk experience is required. Proficiency with tools such as Splunk (UBA, ES and SOAR).
- Experience thriving in a heavily regulated environment
- Experience in Splunk content development and Splunk Search Processing Language (SPL)
- Knowledge of Machine Learning (ML) and how it applies to Insider Risk programs.