• Cyber Intelligence Analyst

    Job Location US
    Posted Date 2 weeks ago(2/10/2020 12:40 PM)
    Job ID
    Clearance Requirement
    Top Secret
  • Overview

    Design. Disrupt. Repeat.

    Be an agent of change on a team committed to achieving client-focused, mission-driven excellence. Steampunk is looking for an experienced Cyber Analyst with an appetite for taking on new challenges.


    Who We Are

    Steampunk is the explosive collision of human-centered design and traditional government contracting. An employee-owned company with a startup mindset and time-tested approaches tailored for the federal government, we’re passionate about creating solutions that are impactful, practical, scalable, and most importantly, that meet our clients’ ever-changing needs.


    At Steampunk, we believe in disrupting the status quo and setting the pace in the ecosystem of government contractors, while repurposing tried-and-true methodologies. We believe in empowering our people to find creative solutions to intractable problems. We believe the best environment in which to grow and thrive is outside our comfort zone.


    While good design makes for a good product, we believe human-centered design makes for an excellent one.


    We also believe effective teams are powered by diverse perspectives, backgrounds, and experiences. To that end, Steampunk is an equal opportunity employer committed to promoting diversity of race, gender, sexual orientation, religion, ethnicity, national origin, disability status, and protected veteran status, amongst our ranks.  Additionally, we participate in the E-Verify program.


    Why Steampunk?

    Our people are the very core of what we do; their expertise and hunger for new and exciting challenges fuel our relentless pursuit of mission success. As part of our team of “Punks,” you’ll test the status quo, explore new boundaries, and set the bar high for how government clients expect to engage with contractors.

    Because we value our employees’ work/life balance (and believe those who work hard deserve to play hard), we offer a very competitive benefits package, including telework/flex scheduling, health/dental with orthodontics/vision insurance upon hire, paid time off with a sell-back benefit and carryover option, 11 Federal Holidays, 100% paid military leave, 100% 401(k) plan match upon hire, professional development/education reimbursement, all flexible spending accounts, and more



    The Cyber Security Analyst should be experienced, inquisitive and able to research new highly technical subjects.


    • Analyze raw data sources to extract, institutionalize, and document actionable events
    • Document the flow of data and identify multiple distinct data sources where suspicious behavior can be identified – must also be able to identify supplemental sources where similar data may be found
    • Investigate and identify the root cause behind security incidents – to include all stages of the cyber kill chain as appropriate
    • Communicate and collaborate with colleagues to investigate incidents
    • Investigate incidents both from a network and host/application level
    • Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation
    • Monitor, track and communicate reported events for numerous different security platforms, operating systems, databases, and management systems.
    • Perform regular continuous monitoring of events across platforms, operating systems, databases, and management systems.
    • Improve and implement indicators and protections across platforms, operating systems, databases, and management systems.
    • Generate reports on a scheduled basis to document findings and remediation efforts, to include recommendations to the system owners.
    • Design and implement dashboards and reports; create rapid prototypes
    • Work with the system owners to remediate security issues derived through external and internal assessments.
    • Develop processes to proactively address security risks and develop reporting dashboards in security systems to continuously track progress.
    • Work in an Integrated Operations Center with other business units to assist in incidents on behalf of CyberSecurity



    • Bachelor’s degree in related field (i.e., Computer Science, Information Systems Management)
    • 5+ Years of relevant IT security related work experience and 7+ years of overall work experience
    • 2+ years using Splunk to conduct network forensic analysis and network security monitoring.

    Desired Skills:

    • Concepts of TCP/IP, network fundamental, network security, NetFlow and knowledge of tools such as Wireshark and Snort IDS
    • Knowledge of Bro and Security Onion.
    • Knowledge of Fireeye’s product suite such as EMP and HX.
    • A solid understanding of the current threats and tactics being used to attack systems, such as ransomware and phishing analysis.
    • Ability to develop, document, and maintain use cases through Splunk or other SEIM technologies
    • Working knowledge of the Windows Operating System with the ability to identify common and unexpected processes, network events, etc.
    • Ability to generate a record of an investigation within an incident ticketing/tracking system
    • Ability to safely handle a potentially malicious file and perform basic analysis
    • Proficiency in writing Regular Expressions to extract data in Splunk via search-time and index-time extraction
    • Experience supporting the full lifecycle of indicators of compromise and signature process, to include development of security documentation;
    • Ability to communicate effectively, both orally and in writing, with information technology professionals, and technical and non-technical users;
    • Certified Information Systems Security Professional (CISSP), Cisco Certified Network Administrator (CCNA), Checkpoint Certified Security Administrator (CCSA), and/or Checkpoint Certified Security Expert (CCSE) certification(s) is a plus.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed