CRI Advantage is looking for a Remote Cyber Data Analyst to work with a small internal team in a Cyber Security Operations Technology environment, analyzing data, securing critical systems, and using SIEM tools to support overall data integrity and oversight. Skillsets include Splunk, Docker, Ansible, SIEM, Gravwell, Linux, MITRE ICS (Industrial Control Systems), ELK and VM. The client is a federal government agency involved in national security, so candidates must be US citizens. Clearances from DOE, DoD, and DHS are maintained for the work. The work is remote.

Below are some of the responsibilities:

Searching and assisting in standing up Gravwell

Creating Gravwell dashboards and efficient searches for specific Operational Technology (OT) data

Assisting in architecture of a Splunk instance

Automation of Ubuntu 18.04 administration using Ansible

Automation of UN*X servers using Ansible

Creating multiple Ansible automation playbooks to create individual user profiles in accordance with the Security Policy

Assisting in building a Docker container for the CATT gateway in the DOE Cloud

Setting up multiple sandbox VMs for testing new tools

Ingesting ~7TB worth of OT data within a Splunk instance

Configuring and standing up of Splunk UFs

Configuring and standing up standalone Splunk Indexers

Configuring and standing up Splunk Searchhead and Splunk Deployment Server

Importing premade Splunk application into the new Splunk instance

Writing OT Data Analysis Technical Report

Hunting TTPs within the ICS Environment

Assisting in presentation of the Data Analysis of Utility data

Providing background and research on the difference between the ICS and Enterprise MITRE matrices

Providing maintenance and troubleshooting of issues within the environment

Providing research of Software and Threat groups that have been identified on the MITRE ICS matrix

Assisting less experienced team members during analysis, helping them ask good questions of the data and providing input to improve their reports

Training team members in how to work around the environment along with briefing them in the current implemented Security tools

Assisting in forming the Security Policy within the environment

Participating in Splunk conferences

Participating in the DHS BIRT/HIRT training

Providing input on how to better optimize the current plan for analyzing and ingesting OT data within our SIEM solutions

Requirements

Candidates should possess a majority of the following or possess similar skill sets to those listed: SIEM, Splunk, VM, MITRE, Industrial Control Systems (ICS), and ELK.

US citizen; preference given to those with active clearances.