6,173 Intrusion Detection jobs in the United States

GovCIO is currently hiring for Senior Cyber Intrusion Detection Analyst for 5th   shift work (7am-7pm Saturday + Sunday, Friday 11pm to 7am and Tuesday 7am to 3pm)  in the Washington, DC and will be a hybrid remote position.

• Respond to cyber incidents, including responding to SOC IR phone calls and SOC emails
• Act as a Subject Matter Expert in investigations for potential incidents identified by SOC Tier I & II analysts and Shift Lead
• Investigate phishing and self-identified potential cyber threats (phishing emails sent to the SOC)
• Work with SOC federal staff and Incident Handlers to analyze, triage, contain, and remediate security incidents
• Participate regularly in SOC Splunk engineer working group sessions, to include idea generation for new content rules for security alerting and reduction of false positives. Collaborate across the SOC organizational lines with Threat Hunt and Security Intelligence, while developing depth in your desired cyber discipline and/or technologies
• Follow Federal IRP, SOC SOPs and other prudent documentation procedures in order to work and be effective while having an eye towards process improvement/effectivity
• Knowledgeable on multiple technology and system types
• Able to articulate the incident response lifecycle
• Manages and responds to computer security incidents that involve enterprise systems and data including personally identifiable information (PII) breaches
• Detect, collect and report cybersecurity incidents
• Experience detecting and remediate malicious codes
• Helps improve the overall security posture by independently verifying the security of enterprise systems, and to ensure the timely dissemination of security information to the appropriate contractor and federal stakeholders
• Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, Anti-malware alerts, Host Intrusion Prevent System (HIPS), and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings
• Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents
• Support and help the Cyber Workforce Development Lead, go through tickets analyzing security annotations on documented incidents

• Bachelor's with 8+ years of cybser security experience (or commensurate experience)
• 6+ years intrusion detection examination experience (or commensurate experience)
• 6 years of security intrusion detection examination experience involving a range of security technologies that produce logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; the ability to communicate clearly both orally and in writing.
• Working experience with Splunk SIEM.
• At least 3 years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments.
• Candidate must have one or more advanced certification, including but not limited to: CERT Certified Computer Security Incident Handler, CEH Certified Ethical Hacker, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals
• Clearance Required:Ability to maintain a Public Trust clearance

GovCIO is a team of transformers--people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.

But we can't do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer?

What You Can Expect

Interview & Hiring Process

If you are selected to move forward through the process, here’s what you can expect:

• During the Interview Process
• Virtual video interview conducted via video with the hiring manager and/or team
• Camera must be on
• A valid photo ID must be presented during each interview

• During the Hiring Process
• Enhanced Biometrics ID verification screening
• Background check, to include:
• Criminal history (past 7 years)
• Verification of your highest level of education
• Verification of your employment history (past 7 years), based on information provided in your application

Employee Perks

At GovCIO, we consistently hear that meaningful work and a collaborative team environment are two of the top reasons our employees enjoy working here. In addition, our employees have access to a range of perks and benefits to support their personal and professional well-being, beyond the standard company offered health benefits, including:

• Employee Assistance Program (EAP)
• Corporate Discounts
• Learning & Development platform, to include certification preparation content
• Training, Education and Certification Assistance*
• Referral Bonus Program
• Internal Mobility Program
• Pet Insurance
• Flexible Work Environment

*Available to full-time employees

Our employees’ unique talents and contributions are the driving force behind our success in supporting our customers, which ultimately fuels the success of our company. Join us and be a part of a culture that invests in its people and prioritizes continuous enhancement of the employee experience.

We are an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.

Posted Pay Range

The posted pay range, if referenced, reflects the range expected for this position at the commencement of employment, however, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, education, experience, and internal equity. The total compensation package for this position may also include other compensation elements, to be discussed during the hiring process. If hired, employee will be in an “at-will position” and the GovCIO reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, GovCIO or individual department/team performance, and market factors.

GovCIO is currently hiring for Senior Cyber Intrusion Detection Analyst for 5th   shift work (7am-7pm Saturday + Sunday, Friday 11pm to 7am and Tuesday 7am to 3pm)  in the Washington, DC and will be a hybrid remote position.

• Respond to cyber incidents, including responding to SOC IR phone calls and SOC emails
• Act as a Subject Matter Expert in investigations for potential incidents identified by SOC Tier I & II analysts and Shift Lead
• Investigate phishing and self-identified potential cyber threats (phishing emails sent to the SOC)
• Work with SOC federal staff and Incident Handlers to analyze, triage, contain, and remediate security incidents
• Participate regularly in SOC Splunk engineer working group sessions, to include idea generation for new content rules for security alerting and reduction of false positives. Collaborate across the SOC organizational lines with Threat Hunt and Security Intelligence, while developing depth in your desired cyber discipline and/or technologies
• Follow Federal IRP, SOC SOPs and other prudent documentation procedures in order to work and be effective while having an eye towards process improvement/effectivity
• Knowledgeable on multiple technology and system types
• Able to articulate the incident response lifecycle
• Manages and responds to computer security incidents that involve enterprise systems and data including personally identifiable information (PII) breaches
• Detect, collect and report cybersecurity incidents
• Experience detecting and remediate malicious codes
• Helps improve the overall security posture by independently verifying the security of enterprise systems, and to ensure the timely dissemination of security information to the appropriate contractor and federal stakeholders
• Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, Anti-malware alerts, Host Intrusion Prevent System (HIPS), and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings
• Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents
• Support and help the Cyber Workforce Development Lead, go through tickets analyzing security annotations on documented incidents

• Bachelor's with 8+ years of cybser security experience (or commensurate experience)
• 6+ years intrusion detection examination experience (or commensurate experience)
• 6 years of security intrusion detection examination experience involving a range of security technologies that produce logging data; to include wide area networks host and Network IPS/IDS/HIPs traffic event review, server web log analysis, raw data logs; the ability to communicate clearly both orally and in writing.
• Working experience with Splunk SIEM.
• At least 3 years of experience working at a senior level, performing analytics examination of logs and console events and creating advance queries methods in Splunk or advance Grep skills, firewall ACL review, examining Snort based IDS events, Pcaps, web server log review, in SIEM environments.
• Candidate must have one or more advanced certification, including but not limited to: CERT Certified Computer Security Incident Handler, CEH Certified Ethical Hacker, CISSP, GCIH Certified Incident Handler, GISF Information Security Fundamentals
• Clearance Required:Ability to maintain a Public Trust clearance

GovCIO is a team of transformers--people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.

But we can't do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer?

What You Can Expect

Interview & Hiring Process

If you are selected to move forward through the process, here’s what you can expect:

• During the Interview Process
• Virtual video interview conducted via video with the hiring manager and/or team
• Camera must be on
• A valid photo ID must be presented during each interview

• During the Hiring Process
• Enhanced Biometrics ID verification screening
• Background check, to include:
• Criminal history (past 7 years)
• Verification of your highest level of education
• Verification of your employment history (past 7 years), based on information provided in your application

Employee Perks

At GovCIO, we consistently hear that meaningful work and a collaborative team environment are two of the top reasons our employees enjoy working here. In addition, our employees have access to a range of perks and benefits to support their personal and professional well-being, beyond the standard company offered health benefits, including:

• Employee Assistance Program (EAP)
• Corporate Discounts
• Learning & Development platform, to include certification preparation content
• Training, Education and Certification Assistance*
• Referral Bonus Program
• Internal Mobility Program
• Pet Insurance
• Flexible Work Environment

*Available to full-time employees

Our employees’ unique talents and contributions are the driving force behind our success in supporting our customers, which ultimately fuels the success of our company. Join us and be a part of a culture that invests in its people and prioritizes continuous enhancement of the employee experience.

We are an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.

Posted Pay Range

The posted pay range, if referenced, reflects the range expected for this position at the commencement of employment, however, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, education, experience, and internal equity. The total compensation package for this position may also include other compensation elements, to be discussed during the hiring process. If hired, employee will be in an “at-will position” and the GovCIO reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, GovCIO or individual department/team performance, and market factors.

Are you ready to apply cutting-edge technologies to solve real world problems? Do you thrive in an environment where people leverage technology and processes to build innovative and sustainable solutions? You might just be a perfect fit for the CDO team. Since 1995, CDO Technologies has delivered the best solutions for unique business problems in the commercial and federal sectors ranging from Asset Management to IT Services. CDO employees demonstrate integrity, embrace teamwork, and embody a Can Do attitude in the delivery of superior customer service.

Location: Joint Base Andrews, MD

Position Summary:

Install, configure, administer, manage, maintain/update and provide VIIDS support and repairs required to keep critical VIIDS systems and components fully operational.

Responsibilities Include:

• Provide Tier 2 and Tier 3 support for VIIDS.
• Ensure the VIIDS as a whole and all hardware and software components kept updated and meet or exceed all applicable industry and Government standards and regulations.
• Maintain and keep current any relevant documentation for all VIIDS.
• Provide onsite emergency support to resolve any issues within 1 hour of notification by the customer to include outside normal duty hours.
• Prepare and maintain project planning documentation, create and maintain network maps/diagrams, and presentation materials.
• Provide a written monthly status report on the VIIDS repair and maintenance activities.
• Prepare and maintain a comprehensive written disaster recovery plan for the VIIDS.
• Perform comprehensive quarterly maintenance visits/inspections and provide a written report within 5 business days of the visit/inspection and resolve any deficiencies found within 30 business days.
• Provide training, as requested.

Minimum Qualifications Required:

• Years of Experience: 3+ years of experience in network design and administration and have advanced understanding of server maintenance and operation.
• Certifications Required: IAT Level 2 certification, such as Security+ CE or CCNA Security
• Clearance: Top Secret Security Clearance with capability of being upgraded to Yankee White.

What can a CDO employee expect?

At CDO Technologies, we believe in taking care of our employees with a comprehensive benefits package. Our health and welfare benefits include two medical plan options along with a LiveHealth program to see a doctor online anytime day or night. CDO offers dental, vision, and a Flexible Spending Account for medical or childcare. Employees may also enroll in a 401(k) plan with their first paycheck. Full-time employees also receive company paid short- and long-term disability and life insurance. We also provide tuition reimbursement, professional development, and certification reimbursements. Finally, CDO also offers employees a generous leave program including paid holidays, vacation, and sick leave. CDO's total compensation for each position is set within an established range. The final compensation will be determined by demonstrated skills and experience.

CDO is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

• Use existing tools to conduct automated vulnerability assessments
• Interpret and risk assess scan results from software applications, cloud resources, and infrastructure systems
• Collaborate with various teams within to assist with prioritization of vulnerabilities and ensure remediation occurs within the expected timelines
• Ensure all detected vulnerabilities either from manual or automated testing process are accurately logged and tracked in a ticketing system to facilitate remediation, leadership metrics reporting, and audit readiness
• Bring an AI-first mindset; be able to identify and act upon opportunities to automate vulnerability analysis and prioritization, as well as administrative tasks, while improving the quality of the output to help developers achieve remediation as easily as possible.
• Perform validation testing of remediated vulnerabilities using automated testing tools and manual testing techniques such as with python scripting or otherwise
• Research and analyze vulnerabilities to determine their true risk to Client, considering factors such as exploitability, asset exposure, business impact, and compensating controls
• Apply cyber risk quantification techniques to analyze vulnerability severities
• Create and maintain metrics and dashboards using data from the ticketing system or other sources to support reporting to various stakeholders across Client.
• Assist with security audits and compliance initiatives related to vulnerability management

Monitor their organizations networks for security breaches and investigate a violation when one occurs

Install and use software, such as firewalls and data encryption programs, to protect sensitive information

Prepare reports that document security breaches and the extent of the damage caused by the breaches

Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited

Research the latest information technology (IT) security trends

Develop security standards and best practices for their organization

Recommend security enhancements to management or senior IT staff

Help computer users when they need to install or learn about new security products and procedures

Job Type

Full-time

Description

About us:

ConnectOne Bank proves that putting people first is a better way to do business. At ConnectOne, we're builders - of businesses, communities, and equity. Most importantly, we're building opportunities. Our mission is to ensure our employees feel empowered to make important decisions, reach their potential and truly make an impact.

ConnectOne is a growth organization by design; it is part of our DNA and we take pride in seeing our employees grow with us. Founded in 2005 by an entrepreneur, we have grown into a high-performing commercial bank, inspiring a new model for our industry's future. By embracing technology and all the ways it can help us become a world-class service organization, we support small business owners by fueling their mission.

People First is the blueprint for our culture. It is at the foundation of everything we do and the decisions we make. At ConnectOne, you have the opportunity to be a part of a dynamic culture and team. Develop your forward-thinking skills, thrive in an entrepreneurial setting, and succeed at "a better place to be".

ConnectOne Bank is an Equal Housing and Equal Opportunity Lender, and a member of the Federal Deposit Insurance Corporation.

About this role:

The purpose of this role is to support the core mission of ConnectOne Bank to achieve the highest standards of information risk and cyber security within the Bank. The information security analyst will plan, implement, upgrade and monitor security protocols for the protection of the Bank's network & information.

In this role you will:

• Support the Bank's "People First" focus and rules of engagement-maintaining a professional demeanor, working as an active member of the CNOB team, providing all clients excellent service, always striving to make CNOB "A Better Place to Be".
• Collaborates with users to discuss computer data access needs, to identify security threats and violations, and to recommend needed programming or process changes.
• Develops and implements plans to safeguard digital data from accidental or unauthorized medication, destruction, or disclosure & adheres to emergency data processing needs.
• Reviews violations of security procedures, provides training to ensure violations do not recur.
• Monitors and restricts access to critical, confidential or other high-security data.
• Modifies security files and applications as able and vital to provide specialized access, allow new software to be installed or integrated or correct errors.
• Performs risk assessments, audits and test to ensure proper functioning of data processing activities and security measures.
• Safeguards system security and improves overall server and network efficiency by training user and promoting security awareness.
• Resolves when to update virus protection systems by supervising current reports of computer viruses, facilities or performs needed updates.
• Performs other related duties as assigned.

• Strong "People First" interest and ability
• Bachelor's Degree in computer science, programming, or a related field or equivalent experience required
• Knowledge and experience in the following information/cyber security areas:

• Demonstrates problem-solving and analytical skills.
• Proficient, or able to gain proficiency with a broad array of security software applications and tools.
• Thorough understanding of computer-related security systems including firewalls, encryption, and password protection and authentication.
• Must be proficient communicating across all levels of the organization as well as building successful relationships.
• Excellent verbal and written communication skills and organized with attention to detail.

• Three years of consistent record in computer systems with some specialization in computer security highly preferred.

• World class health, vision, and dental benefits on day one
• 401k with employer match
• Hybrid work from home (depending on role)
• Employee appreciation events (team building, softball games, food truck days, etc.)
• Employee assistance programs (EAP)
• Wellness programs (flu shot, preventive care, health programs and services discounts, etc.)
• Tuition reimbursement
• Employee Discount perks
• CNOB Community Service Events