Obsidian Global

Cyber Threat Analyst (CBP SOC - Day & Night Shift Available)

Security Analyst in Alexandria, VA

Posted 2019-10-15

Cyber Security Analyst
DHS (Customs and Border Protection) Security Ops Center
Alexandria, VA

The Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services for CBP information systems, including local area networks/wide area networks (LAN/WAN), commercial Internet connections, public-facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP enterprise-wide information systems, and collects, investigates and reports any suspected and confirmed security violations.

The ideal candidate will have an advanced understanding of multiple Operating Systems, monitoring and detection techniques and methods, and Incident Response Lifecycle. The candidate must be familiar with the operation of common protocols, network intrusion detection systems, and endpoint detection and response tools. Experience using PowerShell, Python, or Bash to automate common tasks is highly preferred.

• Utilize state-of-the-art technologies such as host forensics tools (e.g., EnCase), Endpoint Detection & Response tools, log analysis (Splunk) and network forensics (full packet capture solution) to perform hunt and investigative activity examining endpoint and network-based data.
• Conduct log analysis and triage in support of incident response.
• Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis and incident response.
• Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.
• Work with key stakeholders to implement remediation plans in response to incidents.
• Effectively investigate and identify root causes, then communicate findings to stakeholders including technical staff and leadership.
• Use Network and Host based tools to monitor and detect potential threats and unauthorized activity across Windows, Unix, Cloud, and Mobile devices.
• Perform forensic and memory analysis on Windows, Unix, Mobile, and Cloud devices and infrastructure.
• Develop and update security content such as IDS signatures, SIEM queries, alerts, and dashboards, Standard Operating Procedures, and other detection and mitigation measures.
• Identify network visibility and technology gaps and make recommendations to improve the organization's overall security posture.
• Automate procedures and develop code to eliminate repetitive manual tasks.
• Collaborate and coordinate with other entities within and outside the SOC.
• Active Secret (Top Secret clearable)
• 3+ years of experience in the areas of incident detection and response, remediation, malware analysis, or computer forensics.

• Ability to script in one or more of the following languages: Python, Bash, Visual Basic or PowerShell
• Insider Threat
• Digital media forensics
• Monitoring and detection
• Incident Response

Company summary

Obsidian Global is a small federal IT Services firm experienced at developing solutions for government clients. We are headquartered in Washington, DC with offices in Bethesda and Colorado. We have 120+ employees nationwide and are ISO and CMMI certified.


In addition to traditional small business healthcare benefits and 401K, we offer an online training platform to increase your skills and certifications for growth. We believe in personal development and good work/life balance. We host happy hours, sporting events, and holiday parties throughout the year. We also partner with event sites, gyms, and other perks to pass along corporate savings to our employees.

Interview process

Most candidates go through an initial phone screening with the recruiter, then either a phone interview or in-person interview followed by an offer.