Anavationllc

Security Analyst/Incident Responder

Alexandria, VAfull timeunspecifiedgovernment

Incident Response — Splunk — CrowdStrike — Vulnerability Management — SIEM Administration — Nessus — Tenable Security Center — EDR Tools — Log Analysis — Qualys

Be Challenged and Make a Difference    In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture. 

Description of Task to be Performed:

AnaVation is looking for a Security Analyst (Incident Responder) to assist the client leadership with vulnerability management and incident response activities. The ideal candidate will be comfortable engaging with client leadership on a regular basis and interacting with senior level team members.

Responsibilities:

  • Lead and manage Incident Response (IR) activities to include triage, investigating, interviewing, resolving, and reporting on events. Creating, updating, and/or revising the IR Playbook and IR Plan.
  • Monitor, maintain and administer policies and rules within EDR and SIEM tools (e.g., Crowdstrike, Splunk).
  • Support and develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
  • Develop and implement defensive cyber best practice tactics, techniques, and procedures.
  • Maintain Incident Ticketing tracking system and related tickets within Remedy or other tracking tools.
  • Monitor and take action within multiple tools providing security functions such as vulnerability management (e.g., Nessus), configuration management (e.g., Tenable Security Center, IBM BigFix, SCCM), endpoint protection (e.g., antivirus, ATP), intrusion detection software and hardware.
  • Manage and perform Splunk queries to examine and query log data from the Enterprise Logging as a Service system and perform log analysis.
  • Ensure system and application logs are being sent to enterprise SIEM tool for log monitoring.
  • Conduct and manage vulnerability scans using Tenable SC and/or Qualys.
  • Analyze scan results, prioritize findings by risk and impact, coordinate with responsible parties for remediation and validate false positives.
  • Interacting with GRC tool (e.g., CSAM) to perform daily/weekly vulnerability analysis.
  • Creating and compiling weekly security metrics into dashboards and charts.
  • Presenting vulnerability analysis to system admins, system owners, and leadership.
  • Flexible with other security related tasks as needed by the customer.
This position is hybrid, with the potential for periodic onsite attendance at our customer location in Alexandria, VA. Applicants who do not currently reside within commuting distance should describe how they would satisfy this requirement. Remote status is subject to change at the customer’s direction.   This position requires a Public Trust