Our Deloitte AI & Engineering team to transform technology platforms, drive innovation, and help make a significant impact on our clients' success. You'll work alongside talented professionals reimagining and reengineering operations and processes that are critical to businesses. Your contributions can help clients improve financial performance, accelerate new digital ventures, and fuel growth through innovation.
Work You'll Do
The Cyber Analyst team member is responsible for the analysis of all technology devices which may include Operational Technology (OT) and Industrial Control Systems () as well as on-premises and cloud enterprise networks. This includes analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage.
An ideal candidate for this position will be a proactive self-starter who has experience with system administration, Windows and Linux operating systems (OS) mechanics including filesystem structures, disk and memory forensics, cyber aware Operational Technology or Control Systems operators, commonly used mechanisms for maintaining security persistence, privilege escalation, and lateral data movement, operating system log analysis, and triaging suspicious file artifacts for unusual behavior. This role requires a familiarity with what routine OS activities and common software/user behavior looks like in the context of forensic artifacts or timelines. Analysts should also be familiar with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint. Candidate will utilize the Cyber Kill Chain and synthesize the entire attack life cycle along with creating detailed reports on how impacts may or have occurred.
Support SOC team in operating and performing duties in a Security Operations Center (SOC) to provide a secure environment that facilitates monitoring, incident response, malware analysis, and threat hunting activities.
Develop and utilize analytics on the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices.
Asses Security Technical Implementation Guides (STIGs) compliance and completion.
Utilize asset mapping tools to verify connected inventory.
Handle Information Assurance Vulnerability Management (IVAM) notifications.
Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions.
Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency.
Conduct comprehensive technical analyses of computer evidence, research and integrate new security tools into the SOC, and synthesize findings into reports for both technical and non-technical audiences.
The Team
Deloitte's Government and Public Services (GPS) practice – our people, ideas, technology and outcomes—is designed for impact. Serving federal, state, & local government clients as well as public higher education institutions, our team of professionals brings fresh perspective to help clients anticipate disruption, reimagine the possible, and fulfill their mission promise.
Our Hybrid Cloud Infrastructure offering provides specialized engineering capabilities to design, implement, manage, and operate hybrid cloud environments, modernize networks and AI infrastructure from the core to the edge, and incubate new infrastructure and device services to help clients stay ahead with the latest technology advances.
Qualifications
Required:
Active Secret Clearance
Bachelor's degree in IT/Cybersecurity related field
1+ years of experience in security operations
Demonstrated experience with analytical duties and performing host or network security analysis
Proficient in analyzing cyber-attacks, with a deep understanding of attack classifications, stages, and system/application vulnerabilities
Applied knowledge of network topologies, protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and experience with tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security Center.
Capable of attack reconstruction based on network traffic, integrating Threat Intelligence, and familiar with MITRE ATT&CK framework, with the ability to collaborate effectively across multiple locations.
Ability to be onsite 100% of the time in Yokosuka, Japan
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Preferred (Desired):
Active Top Secret Clearance
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)
Strong analytical and troubleshooting skills
Able to provide expert content development in Splunk Enterprise Security using tstats and data models
Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring
Information for applicants with a need for accommodation:
#J-*****-Ljbffr