Job Description
Job DescriptionSalary: $100,000 - $117,000
SR. CYBER DEFENSE ANALYST
Position Description
JOB TYPE: Full-time
WORK LOCATION: Onsite in Martinsburg, WV. Candidates must reside in WV to be considered for this position.
ABOUT: QMS Consulting (QMS) is an Education Technology (EdTech) and Information Technology (IT) Consulting firm specializing in Cybersecurity / Data Protection, Cloud Lifecycle, Software Development and Data Science. QMS seeks a cybersecurity specialist to work within a dynamic and highly innovative security operations center team that supports federal government customers. The Senior Cyber Defense Analyst will serve as a vital leader in the design, development, and operations of advanced cybersecurity monitoring and detection.
In this role, you should be technically sound, detail oriented with the ability to lead tasks and ensure high-quality service delivery. Critical thinking and problem-solving skills are essential for this position.
JOB RESPONSIBILITIES: Sr. Cyber Defense Analyst responsibilities include:
- Configure monitoring tools to detect threat actor techniques and/or behavioral indicators
- Craft custom search queries using Splunk (SPL), as well as Microsoft Defender for Endpoint and Microsoft Sentinel (KQL)
- Provide subject matter expertise to support security detections in one of the following areas:
- Cloud technologies. SaaS, Identity and access management. Networking, Splunk and EDR
- Map security detections to the MITRE ATT&CK Framework
- Research and develop configuration recommendations to facilitate operationalization of new data sources for detection of adversarial activities
- Use machine learning and pattern analysis to improve detection of specific types of threats
- Collaborate effectively with cross-functional teams, including incident response, forensics, threat intelligence, IT, and network administrators
- Clearly communicate technical information and detection-related updates to management and stakeholders
- Develop and operationalize advanced security analytics to detect and respond to sophisticated cyber threats in near real-time
- Develop and implement detection feedback processes - e.g., tuning false positives, decommissioning, etc.
- Ensure completeness and consistency regarding data quality of detections
- Monitor the performance of security analytics and automation processes regularly, identifying areas for improvement and taking proactive measures to enhance their efficacy
- Leverage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate detection and incident response, including enrichment, containment, and remediation actions
- Support the operationalization of new security detections, including building reference documentation, investigation guidelines, and tuning considerations
- Stay informed about the latest cybersecurity threats, trends, and best practices
- Actively participate in cybersecurity exercises, drills, and simulations to improve incident response understanding
This list of responsibilities may not be all-inclusive and can be expanded to include other duties or responsibilities as required by the business.
QUALIFICATIONS AND REQUIRED EXPERIENCE: Sr. Cyber Defense Analyst requirements include:
- 8+ years of experience supporting large-scale IT related projects
- 4+ years of experience supporting incident response in an enterprise-level Security Operations Center (SOC)
- A deep understanding of cybersecurity principles, incident response methodologies, and a proactive mindset to ensure the SOC operates effectively in a high-pressure environment
- Strong experience with security technologies including SIEM, IDS/IPS, EDR, and network monitoring tools
- Experience with security focused cloud-native tooling such as Azure Sentinel and AWS GuardDuty
- Experience with enterprise ticketing systems like ServiceNow
- Excellent analytical and problem-solving skills
- Ability to work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight
- Ability to function in multiple capacities and learn quickly
- Strong verbal and written communication skills
- Bachelor's degree in computer science, cybersecurity, information technology, or a related field (or equivalent work experience)
- The following GIAC certifications are preferred: GCFE and/or GCIH
- One of the following GIAC, Microsoft and Splunk certifications are acceptable: GLCD, GCDA, Microsoft Identity and Access Administrator Associate, Microsoft Security Operations Analyst, Microsoft Endpoint Administrator Associate and Splunk Power User
SALARY:
$100,000 - $117,000
BENEFITS: health benefits, holidays and PTO
We are an equal opportunity employer. Our policy is to always provide equal opportunity without regard to race, color, religion, sex, pregnancy, national origin, ancestry, age, marital status, sexual orientation, family responsibility, physical or mental disability, medication, or status as a veteran.