PlanIT Group, LLC
Threat Management Specialist (Tier 2)
PlanIT Group, LLC, Reston, Virginia, United States, 22090
Position Details
Position 1 – Hours: 3:30 pm to 11:30 pm ET, Days off: Tuesday and Wednesday
Position 2 – Hours: 11:30 pm to 7:30 am ET, Days off: Saturday and Sunday
The Tier 2 Analysts perform deep‑dive incident analysis by correlating data from various sources and determining whether a critical system or data set has been affected.
They handle incidents as defined in playbooks and SOPs, advise on remediation actions, and provide input on how to leverage AI, ML, and SOAR capabilities to improve CSOC efficiency and accuracy.
Key Responsibilities
Identify cybersecurity problems that may require mitigating controls
Analyze network traffic to detect exploit or intrusion attempts
Recommend detection mechanisms for exploit and intrusion attempts
Provide subject‑matter expertise on network‑based attacks and intrusion methodologies
Escalate items requiring further investigation to other members of the Threat Management team
Execute operational processes to support response efforts to identified security incidents
Utilize AI/ML‑based tools and techniques to detect anomalies, automate incident triage, and improve threat intelligence
Perform threat intelligence analysis to assess risk and adapt defenses using ML‑enhanced tools
Manage email security using Proofpoint, monitor for threats, and respond promptly to attacks
Configure Splunk for log analysis, create alerts, and investigate security incidents
Set up Firepower for network monitoring, analyze traffic patterns, and enforce security measures
Deploy SentinelOne agents, monitor alerts, and conduct security assessments
Monitor, review, and respond to security alerts across Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Azure Entra ID, and Google Cloud SCC
Detect and analyze threats, investigate suspicious activity, coordinate incident response, and implement remediation actions
Tune security policies, maintain visibility in cloud and endpoint environments, and support continuous improvement of the security posture
Stay current on the latest cybersecurity trends, threat actors, and AI/ML research
Identify and support automation use cases, including AI/ML to enhance SOC capabilities
Collaborate across Operations to provide SOC enhancement through automation and AI
Qualification Requirements
3+ years of IT security experience with exposure to AI/ML projects
2+ years of experience in network traffic analysis
Strong working knowledge of Boolean logic, TCP/IP fundamentals, network‑level exploits, threat management, and control frameworks
Excellent oral and written communication and interpersonal skills
Strong understanding of IDS/IPS technologies, architectures, and signature creation
Experience with cloud security (AWS, Azure, GCP)
Hands‑on experience with cybersecurity automation (e.g., SOAR platforms)
Proficiency in using machine‑learning frameworks for anomaly detection, threat intelligence, and behavioral analysis in cybersecurity
Skills in data analysis and feature engineering for large datasets (logs, network traffic)
Familiarity with AI/ML techniques in cybersecurity and evaluation of AI/ML solutions in a SOC environment
Experience identifying and implementing automation use cases
Experience
8–12 years relevant experience
Degree from an accredited college or university in the applicable field; if not, an additional 4 years of related experience is required
Independently performs functional duties
Relevant certifications desired (GIAC Certified Enterprise Defender, GIAC Security Essentials, CISSP, SSCP)
Seniority Level
Mid‑Senior level
Employment Type
Contract
Job Function
Other
Industries
Defense and Space Manufacturing, Software Development, and Armed Forces