Research National Laboratory seeks to hire a Junior Cyber Security Analyst to immediately support their Defensive Cyber Operations (DCO) team. This position’s primary responsibility is to conduct event triage in a tiered operational security model while training in and supporting vulnerability management and threat intelligence tasks.
Responsibilities:
- Support the DCO environment in identification and analysis of threats in Security Incident and Event Management (SIEM) alerts, dashboards, and queries
- Resolve or escalate alerts/events/incidents as defined in DCO service level agreements according to level of severity
- Help develop advanced queries and alerts to detect adversary actions and compile detailed investigation and analysis reports for internal DCO consumption, and for delivery to management
- Work with the Emerging Threat team to capture intelligence on threat actor tactics, techniques, and procedures (TTPs) and leverage automated and manual countermeasures in response
- Field customer requests for support ranging from potential phishing events to abnormal system activity
- Triage reports from DOE entities, CISA, and external penetration testers, and coordinate resolution with ORNL system administrators in keeping with BOD 18-01, 19-02, and 22-01 requirements
- Analyze suspicious links and attachments in a secure malware analytics platform as part of a comprehensive phishing analysis procedure
- Triage malware and anomalous activity alerts generated by an EDR system
Qualifications:
- Associate’s degree in Computer Science or related field with 1-2 years of Cyber Operations work experience or an equivalent amount of education and experience
- Experience with ServiceNow, JIRA ServiceDesk, or other ticketing system
- Relevant certifications (GSEC, Security+, CEH, etc.) preferred
- The position requires eligibility to obtain a DOE security clearance. Candidates with an Active Q Clearance or Top-Secret Clearance are a plus