Cyber Threat Analyst in Blue Ash, OH at Booz Allen Hamilton

Date Posted: 3/5/2018

Job Description

Job Number: R0024688

Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise.

Cyber Threat Analyst

Key Role:

Work as a member of a 24x7x365 threat intelligence center responsible for identifying malicious threat actors, thwarting hackers, and preventing data breaches. Act as a security advocate for clients, conducting highly detail-oriented work that involves performing security threat analysis and working with clients to remediate security issues, validating and characterizing threats, collaborating with others when needed, and performing daily incident detection and response operations.

Collect host-based artifacts and perform forensic analysis to determine whether an asset has been compromised; identify compromised computers using logs, live response, and equivalent host-centric evidence sources; provide peer review of both signatures under development and the resulting threat detections; and provide input on new detection strategies and remediation guidance to clients.

Perform accurate and precise real-time host-centric analysis, including live response, digital forensics, malware analysis, or log-centric analysis, as needed. Analyze and assess security incidents and escalate them to client resources, appropriate teammates, or internal teams for additional assistance; present analysis to other analysts for review, fine-tuning, and feedback; and work with the threat intelligence team to fine-tune signatures and assist the incident response team with the incident response process. This position requires the ability to conduct initial light travel of approximately 10%, with up to 50% travel per movement within the organization.

Basic Qualifications:
-3+ years of experience with IT
-Ability to document findings to report or escalate Cyber incidents to clients and management clearly and concisely
-Ability to work a Panama Schedule day shift from 6 am – 6 pm in a 24x7x365 environment
-Ability to work well both independently and in a team environment and be a self-starter

Additional Qualifications:
-Experience with network-centric analysis (NSM)
-Experience in deploying and scripting detection solutions with Bro IDS
-Experience with host-based detection and prevention suites, including McAfee EPI, OSSEC, Yara, MIR, CarbonBlack, and Tanium
-Experience with IT infrastructure, including system or application vulnerabilities and exploitation and operating systems, including Windows, *Nix, and Mac
-Knowledge of Splunk and other SIEM technologies
-Knowledge of scripting or programming, including Python, Perl, or C
-Knowledge of APT, Cyber Crime, and other associated tactics
-Possession of excellent critical thinking and problem-solving skills
-Possession of excellent analytical skills
-Possession of excellent oral and written communication skills
-BA or BS degree or 2 years of experience in a professional work environment

Integrating a full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems by working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/Disability/Vet.
