Cyber Security Analyst
Boston Government Services, LLC (BGS) · Knoxville Metropolitan Area · 3 wk ago
Information TechnologyFull-time
Duties/Responsibilities
- Resetting user passwords for cause (e.g., when they have been identified as being suspected compromised or 'known compromised').
- Working with service owners to reset service account passwords for various reasons.
- Ensuring authorizers are designated for in-scope accounts.
- Analyzing usage patterns for accounts (e.g., service, administrative) to identify inactive accounts or inappropriate account use.
- Reviewing approval requests for various new access or accounts.
- Triaging unusual access requests (e.g., access from 3rd party VPN providers, impossible travel) or phishing reports.
- Evaluating endpoint and detection response (EDR) installation and coverage.
- Identifying systems without EDR and providing to IT teams for remediation.
- Monitoring external attack surface for unapproved systems, undocumented systems, and newly disclosed vulnerabilities.
- Reviewing systems with existing public access to ensure requirements for these systems are followed (e.g., event logging, multifactor authentication).
- Attending online/Teams meetings with team and others as appropriate.
- Working with team to provide status on current tasks, suggest improvements, discuss implementation, etc.
Requirements
- 1–3 years in a SOC, cyber security 'blue team', or closely related role.
- A strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP).
- Windows/Linux/macOS fundamentals; Active Directory/Azure AD concepts; basic cloud logging.
- Experience with at least one SIEM and one EDR/XDR platform.
- Experience with ticketing/case management.
- Ability to craft queries using common languages; comfort with regex, JSON and APIs; basic scripting in Python/PowerShell/Bash.
- Excellent analytical, problem-solving, and communication skills both with stakeholders, peers, and internal customers; able to operate under pressure in a shift or on-call environment.
- Must be a U.S. citizen.
- Successful drug screening.
Preferred Qualifications
- 3–5 years relevant experience including investigations, data analysis, and detection tuning.
- Comfort using Splunk Processing Language (SPL), CrowdStrike EDR, and ServiceNow.
- Experience with SOAR tools and automation development.
- Experience using identity security/management tools (e.g., Entra ID, Active Directory, Shibboleth, CrowdStrike Identity Protection).
- Cloud security experience (e.g., CloudTrail/GuardDuty, Azure Defender/M365, GCP Security Command Center).
- Basic forensics skills and network analysis fundamentals (host triage, timelines, artifact analysis, packet/PCAP review).
- Understanding of the Cyber Security Framework (CSF) and NIST 800-53 controls.