Senior Security Analyst at MindPoint Group, LLC

Washington, DC | Full Time | posted 3y ago

Company Description

MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. 

Our relationship with you is for the long run because your success is our success. We invest in your success through fantastic benefits (healthcare, generous PTO, paid parental leave, and tuition reimbursement, to name a few). 

Beyond just excellent pay and benefits, you’ll want to work here for reasons that can’t be written into an offer letter—the challenge, growth opportunities, and most important: the culture of a company that cares about you. 

A position at MPG promises you 

  • A diverse organization 
  • A safe workplace with zero tolerance for discrimination or harassment of any kind  
  • A balanced work life. Seriously.  
  • A stable, established, and growing business
  • A leadership team focused on your professional growth and development

Job Description

This position is contingent upon contract award. MindPoint Group is seeking a Security Analyst who will support the cybersecurity program through monitoring, analysis, and resolution of various continuous monitoring capabilities, including but not limited to Vulnerability Management, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and additional threat monitoring agents. The analyst will support an enterprise program, engaging with stakeholders to drive the security program for an exciting mission.

  • Cybersecurity work related to operating systems, application, logging and monitoring, NIST/FISMA compliance, remediation, and patch management
  • Monitor system configuration to ensure that the systems are operating effectively. Resolve any issues and problems, following documented procedures and playbooks
  • Responsible for the implementation of security policies, controls, and the technologies that support the enterprise (e.g., malware, anti-virus, remote access)
  • Investigate potential anomalous behavior and intrusion attempts
  • Leverage aggregated cyber logs, network flow, and anomaly data for analysis, research, and the identification of potential compromise within infrastructure or applications
  • Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce the exposure to cyber risks
  • Support the development and maintenance of documented playbook procedures
  • Perform application updates, patches to the scoped components for the tools (e.g., the application layer components)
  • Properly track and account for configuration items identified in accordance with the Configuration Management Plan, including both standard and enterprise-wide change management procedures
  • Perform and distribute Vulnerability Scans to appropriate Information System personnel assigned the role of application, infrastructure or database administrator. This includes application, code or operating system scans
  • Track and resolve findings at the assigned level of criticality in accordance with requirements set in the Vulnerability Management Plan and NIST guidance on minimum security controls
Qualifications

  • Top Secret clearance (SCI eligible) is strongly preferred but will consider exceptional candidates who are Public Trust eligible
  • Minimum of six years as a Security/Network Administrator or equivalent knowledge
  • Bachelor's degree in a technical field from an accredited college/university or equivalent experience (Computer Science preferred)
  • Understanding and experience with CSAM
  • Experience with security tools such as vulnerability management tools (Nessus, Retina), configuration management (Bigfix, SCCM, EPO), endpoint detection (antivirus, ATP), data loss prevention, and intrusion detection software and hardware
  • Familiar with the use of data analysis tools (Excel or PowerBI)
  • Familiar with multi-tiered network applications, common ports, and protocols used in those communications, the Common Vulnerability System (CVS), and the exploitation mechanisms of common vulnerability types (e.g., buffer overflows, cross-site scripting, SQL injection)
  • Ability to perform online research and comprehend attack signatures while comparing them to network traffic to perform a proper analysis of detections
  • Ability to use common tools such as Wireshark to examine network traffic
  • Familiarity with protocols commonly used in commercial networks, such as Server Message Block (SMB), Remote Procedure Calls (RPC), Hypertext Transfer Protocol (HTTP) and Structured Query Language (SQL)
  • Ability to perform Splunk queries to examine and query log data from the Enterprise Logging as a Service system

Work Environment

  • While this position is fully remote, preference will be given to candidates who reside in the Washington, DC area. For candidates outside of the Washington, DC area, travel up to 10% to Washington, DC area will be required post COVID.

Additional Information

  • All your information will be kept confidential according to EEO guidelines.
  • Equal Opportunity Employer Veterans/Disabled
By: Onkar