IT Security Analyst

Who We’re Looking For (Position Overview):

Spry Methods is on the search for an IT Security Analyst to join our team in Herndon, VA. This position requires you to go into the office at least once a week (subject to change based on business needs).

Position Summary:

The main function of an IT Security Analyst is to plan, coordinate, and implement security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction or disclosure of information. A typical IT Security Analyst is responsible for planning, coordinating and implementing security measures to safeguard the computer database. Job Responsibilities: Identify security issues and risks, and develop mitigation plans . Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles . Develop and interpret security policies and procedures . Participate in security compliance efforts . Develop and deliver training materials and perform general security awareness and specific security technology training . Evaluate and recommend new and emerging security products and technologies . Qualifications: Bachelor's degree in a technical field such as computer science, computer engineering or related field required. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security . Consistent implementation of security solutions . Experience in infrastructure or application-level vulnerability testing and auditing.

What You Need to Succeed (Minimum Requirements)

• 5+ years in general technical cybersecurity experience.
• 3+ years’ experience in detection engineering, threat hunting, or incident response.
• Experience in operationalizing cyber threat intelligence into high-fidelity detection logic.
• Experience in systematically developing detection logic and adversarial TTP testing against said logic following formalized detection engineering lifecycle.
• Highly proficient in analyzing logs from various sources, such as endpoints, applications, network appliances, and cloud environments.
• Strong technical understanding of cybersecurity fundamentals at the network, protocol, and host levels.
• Experience with MITRE ATT&CK and/or D3FEND frameworks.
• Strong experience with SIEM platforms.
• Ability to proactively and systematically hunt for threats using investigative tools, techniques, and user behavior analysis.

Ideally, You Also Have (Preferred Qualifications):

• Offensive security experience – conducting red team operations and/or penetration tests.
• DevOps experience and/or building/maintaining cloud environments using infrastructure as code.
• Strong ability to translate cyber and technical issues and topics into risk-informed business language ..