
Data Security Analyst (R&F)

Roles/Responsibilities:

  • Work collaboratively with the OS, CISO Operations, and OpDiv Teams to conduct event and incident investigations and correlations to discover existing threats.
  • Collect, analyze, and correlate security events and use discovered data to alert the customer of existing attacks.
  • Develop custom signatures and rules for emerging security threats.
  • Monitor signatures, rules, and parsers implemented on security enclave systems such as intrusion prevention/detection systems, full packet capture, or SIEM in response to new or observed threats.
  • Establish and maintain indicators of compromise analysis and detection capability.
  • Monitor external and internal data sources to determine threat condition and determine which security issues may have an impact on the customer's organization.
  • Develop guidelines, custom signatures, and rules to detect emerging and advanced persistent threats.
  • Operate a forensic and malware analysis capability to respond to events and incidents, conduct malware analysis and support requests for forensics analysis.
  • Provide forensic support to incident response team activities for high and critical incident types involving malicious code and analysis of forensics data collected from disk and/or network traffic.
  • Operate a capability to secure media, evidence files, systems and information that is analyzed or retained as part of any forensic and malware analysis.
  • Develop and operate a secure malware and exploit testing capability segment.
  • Provide digital forensics and malware reporting capabilities.
  • Develop a reporting process that covers why the system was reviewed, how the data was reviewed, and what conclusions can be supported by the data.
  • Develop templates and deliver operational and executive summary reports at the conclusion of each week, month or quarter.
  • Develop actionable cyber threat reporting and briefs based upon analysis and attribution work.
  • Provide briefings to customer and stakeholders on internal and external cyber threats as required.
  • Provide unclassified cyber threat information to be used for notifications and situational awareness campaigns disseminated by the HHS CSIRC.
  • Research and analyze threats and remediation techniques to include identifying tactics, techniques and procedures for existing and emerging adversaries.
  • Develop and maintain a vetted unclassified Indicators of Compromise repository.
  • Conduct research and provide classification verification activities.
  • Support cyber threat research, analysis, and monitoring activities.
  • Filter and classify cyber threat data so it can be leveraged by HHS CSIRC to identify potential indicators of compromise.
  • Develop and operate a secure malware and exploit testing capability segmented from the network. Provide community insight and cyber threat integration within the existing organization capabilities.
  • Foster, maintain, and support working relationships and investigation activities with HHS OSSI, OIG, and the Intelligence Community.
  • Participate in knowledge sharing with other analysts and develop customer solutions efficiently.
  • Coordinate or participate in individual or team projects to ensure quality support for our clients.
  • Perform other essential duties as assigned.

Qualifications/Education requirements:

  • Bachelor’s degree in a related field, or an additional 5 years of directly relevant work experience, required.
  • 8 years of IT experience and at least 5 years directly related to the required area of expertise.
  • Must possess a Secret clearance or higher.
  • Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlation, and reporting.
  • Ability to identify and recommend mitigations for vulnerabilities and exploits, including patches.
  • Understanding of "attacker" methodologies and tactics, including kill-chain analysis.
  • Familiarity with Advanced Persistent Threat groups and hacker activity.
  • Experience analyzing phishing attacks.
  • Significant experience in network intrusion detection.
  • Ability to read network logs and analyze network packet capture data.
  • Experience creating specific mitigation tactics such as IDS signatures.
  • Ability to perform malicious code reverse engineering.
  • Ability to utilize common sandbox technology to perform dynamic malware analysis.
  • Familiarity with data privacy laws and the associated security requirements.
  • Knowledge of cyber security methodology and security practices.

Preferred Skills:

  • Experience producing reports and briefs on the current threat landscape and associated risks.
  • Experience monitoring third-party security-related websites, forums, and social media sites for information regarding vulnerabilities and exploits.
  • Experience conducting malware analysis.
  • Familiarity with Splunk, Maltego, QRadar, ArcSight, Snort, Wireshark.
  • Experience with reverse engineering and forensics.
  • Experience using common sandbox technologies to perform dynamic malware analysis.
  • Experience replicating reported vulnerabilities in a safe and contained environment to develop proof-of-concept and/or exploit tools.
  • Programming skills are a bonus: Python, Java, Perl, VB.
  • CISSP, CEH, GPEN, OSCP, or similar security certifications.