This job listing has expired and the position may no longer be open for hire.

Cyber Analyst III - 1324 at North Wind Group

Posted in Other 30+ days ago.

Location: Knoxville, Tennessee





Job Description:

Location: Knoxville, TN
Title: Cyber Analyst III
Schedule (FT/PT): Full Time
Travel Required: 0 - 25%
Clearance: Ability to Obtain

Due to Executive Order 14042, you may be required to provide proof of COVID-19 vaccination to qualify for this position.

North Wind Group companies (North Wind) are small business leaders in the environmental, engineering, construction, and technical consulting industries. Our wide-ranging capabilities allow us to self-perform nearly all aspects of any given work scope, providing our customers with significant cost savings. North Wind Group is a government contracting holding entity that includes 16 subsidiary companies: General Nuclear Operations, North Wind Construction Services, North Wind Dynamics, North Wind Environmental Consulting Services, North Wind General Contractors, North Wind, Inc., North Wind Infrastructure & Technology, North Wind Portage, North Wind Resource Consulting, North Wind Services, North Wind Site Services, North Wind Solutions, Portsmouth Mission Alliance, Silver Mountain Construction, Weldin Construction, and LBYD Engineers, Inc. The North Wind companies share the same proven corporate infrastructure that has been in place for more than 20 years. This group of companies provides significant flexibility and diversity, enabling us to effectively meet and exceed customer requirements and expectations.





The Cyber Analyst III is a trusted technical advisor working closely with the organization/client to provide proactive support assistance to reduce or prevent security issues from occurring on the corporate/client network. The Cyber Analyst III will administer and maintain security measures focused on application, web, and infrastructure security for the organization/client. The Cyber Analyst III is responsible for working with key contacts at multiple levels of the organization to identify and align business and IT security objectives. The Cyber Analyst III will provide security analytics and assistance with security support requests.

Key Responsibilities


  • Conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats

  • Perform investigation and escalation for complex or high severity security threats or incidents

  • Serve as an escalation resource and mentor for other analysts

  • Work with SIEM tools to develop and refine correlation rules

  • Work on complex tasks assigned by leadership, which may involve coordination of effort among level I/II/III analysts

  • Coordinate evidence/data gathering and documentation and review Security Incident reports

  • Assist in defining and driving strategic initiatives

  • Define tool requirements to improve SOC capabilities

  • Understanding of the cyber Kill Chain and MITRE ATT&CK and experience applying them to defensive operations

  • Experience analyzing packet captures to identify malicious activity

  • Fluency in common network protocols including TCP/IP, DNS, TLS, HTTP

  • Malware reverse engineering experience, including the tools used, is a big plus.

  • Phishing email attack analysis to include extraction of links and/or files to determine what the attacker is trying to gain.

Responsibilities


  • Monitor, respond to, and analyze security alerts from monitoring tools.

  • Provide technical guidance / recommendations to the organization to enhance their overall security posture within the managed products. Handles daily incidents; monitors, tracks, analyzes and records.

  • Work with vendors, outside consultants, and other third parties to improve information security within the organization.

  • Responds to security related tickets and works collaboratively with the client to assist in resolving security events.

  • Work with other IT professionals to resolve fast moving vulnerabilities such as spam, virus, spyware and malware.

  • Monitor security vulnerability information from vendors and third parties.

  • Create Weekly and Monthly Status Reports, including daily technical task reports and contract deliverables.

  • Proactive Threat Hunting using industry tools and existing IDS systems.

  • Advanced Forensics skills to evaluate current malware and phishing threats.

Qualifications


  • Strong written, verbal and non-verbal communication skills, especially conveying complex information in an understandable manner.

  • CISSP, CISA or GIAC certification is a plus.

  • A minimum of 5 years of experience working with Microsoft Active Directory.

  • Experience in Azure and M365 is preferred.

  • Analyze and resolve complex technical and business problems.

Job/Experience Requirements


  • Must have proficient knowledge with three or more of the following technologies: Application / stateful / UTM firewalls; SIEM; DLP; Web content filtering; Web application firewalls (WAF); Vulnerability scanning and penetration testing; IPS/IDS; Security Operations Center operations; Wireless Networking; Linux, Windows Server Operating Systems; Endpoints and Malware

  • Knowledge of NIST and FISMA.

  • Knowledge of Windows server platforms.

  • Knowledge of VMware and VM server platforms.

  • Working knowledge of analyzing IIS, SQL, firewall, IPS/IDS, Windows, Web and mail logged events.

  • Ability to analyze IANA assigned ports (well known, registered, dynamic and private ports).

  • Ability to troubleshoot common network devices, network vulnerabilities, and network attack patterns.

  • Ability to troubleshoot Windows Event IDs.

  • Interact with all levels of management.

  • Make decisions based on many variables.

  • Manage multiple tasks/projects simultaneously.

Education and Certification Requirements


  • Minimum of Bachelor's Degree in computer science, telecommunications management, electrical engineering, or a related field or have 4 years of experience.

  • Advanced network and systems certifications such as CCNP, CCNA and CISSP, are preferred.

  • Other industry certifications such as ITIL and Microsoft are a plus.


    Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. The nature of those accommodations will be determined on a case-by-case basis. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact our Helpline +1.208.528.8718 or use the Request for Reasonable Accommodation form to get assistance.


    North Wind is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, religion, or other legally protected status. All qualified applicants will receive consideration for employment without regard to their protected veteran status and will not be discriminated against on the basis of disability.


    Proof of citizenship will be required as a condition of employment.

