
This job offer is no longer available


Network Security Analyst 0056A

Sistema Technologies Inc.
  • San Antonio, Colorado, United States

About

San Antonio, TX – Network Security Analyst – Solicitation#37100056A (TXCC)
Responsibilities

  • Perform advanced incident response across Windows and Linux environments, including triage, containment, eradication, and recovery.
  • Conduct host‑based forensics, including log analysis, memory capture, file system review, and malware behavior analysis.
  • Serve as Incident Commander during cybersecurity events, coordinating actions, documenting decisions, and communicating with leadership and affected agencies.
  • Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings to MITRE ATT&CK.
  • Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring tools.
  • Produce incident reports, timelines, and executive summaries for statewide stakeholders.
  • Support multi‑agency response operations, including SLTT partners and critical infrastructure entities.
  • Provide recommendations for detection improvements, hardening, and long‑term mitigation.
  • Participate in post‑incident reviews, lessons learned, and playbook updates.
  • Maintain readiness for 24x7 response through on‑call rotation or surge support.
Candidate must be a U.S. citizen, pass required background checks, complete required cybersecurity, privacy, and operational training before gaining system access, and comply with TXCC security and data‑handling requirements. Occasional after‑hours support may be required with TXCC approval. Work must be performed from within the United States unless TXCC grants prior written approval.
Working Position

The working position is Hybrid – On Site and Telework.

Minimum Requirements

  • 5 Years Experience (Required): Advanced host‑based forensics across Windows and Linux, including memory, disk, and malware analysis, using telemetry from NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and reconstruct attacker activity.
  • 5 Years Experience (Required): Ability to correlate host, network, and intelligence data from CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and NetWitness to build complete incident timelines.
  • 5 Years Experience (Required): Experience producing high‑quality incident reports and executive summaries using evidence collected from Gravwell, NetWitness, Corelight, and case management workflows.
  • 4 Years Experience (Required): Strong understanding of adversary TTPs, intrusion kill chains, and threat hunting methodologies using packet‑level and log‑level data from sources including, but not limited to, Corelight, NetWitness, and CRIBL pipelines.
  • 3 Years Experience (Required): Incident Commander experience.
  • 1 Year Experience (Required): Experience supporting SLTT or critical infrastructure environments, including multi‑tenant IR operations and cross‑agency coordination.
Preferred Qualifications

  • 5 Years Experience (Preferred): Proficiency with threat intelligence platforms, including Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant, to enrich investigations, validate indicators, and map activity to MITRE ATT&CK.
  • 5 Years Experience (Preferred): Hands‑on experience using Cyware CSAP for incident orchestration, automated enrichment, case creation, and workflow execution across SIEM, IPS, EDR, and ticketing systems.
  • 4 Years Experience (Preferred): Security certifications preferred (CISSP, CIH, Sec+).

Languages

  • English