Cyber Defense Shift Lead

Description & Requirements

At Maximus, we're proud to be celebrating our 50th year in business, with strong financial performance - including $1.4B in revenue this quarter and 15% growth in our Federal services group.

We've also been recognized as a Washington Post Top Workplace and a VETS Indexes 5 Star Employer in 2024.

Maximus is seeking a Senior Level Cyber Defense Analyst/Intrusion Detection Team Shift Lead for an onsite position in Washington, DC (near Union Station).

This is a regular shift (Mon-Fri) role.

Becoming part of Maximus means joining a team that offers:

* A generous annual allowance for education or professional certification

* Free access to robust certification and training programs to help you grow your career

* Strong career path with support for internal mobility

* A collaborative, respectful work environment with supportive leadership

* Comprehensive benefits, including medical/dental/vision, paid time off, and more

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS058, T4, Band 7

Job-Specific Essential Duties and Responsibilities:

- Work with intrusion analysts to identify, report, and coordinate the remediation of cyber threats for the client.

- Deliver timely and actionable sanitized intelligence to cyber incident response teams.

- Apply technical knowledge of computer systems, networks, and cyber threat information to evaluate the client's security posture.

- Perform intelligence analysis to assess intrusion signatures, tactics, techniques, and procedures associated with cyber attacks.

- Investigate hackers, their methods, vulnerabilities, and exploits, and provide detailed briefings and intelligence reports to leadership.

Job-Specific Minimum Requirements:

- Bachelor's degree and a minimum of 8 years of total experience in cybersecurity. Additional professional experience may be considered in lieu of a degree.

- Of those 8 years, at least 7 years must include hands-on experience in security intrusion detection and analysis using technologies such as WANs, IDS/IPS/HIPS systems, server/web log analysis, and raw data log review.

- At least 5 of the 8 years must be at a senior level (including mentoring/guiding/reviewing junior staff in investigations and analysis).

- Deep knowledge of incident triage and root cause analysis:
  - Led investigations of cyber alerts and incidents.
  - Determination of attack vector.

- Determination of action to be taken based on event/incident:
  - Risk analysis.

- Expertise involving log and console event analysis, including use of Splunk as SIEM:
  - Sysmon log analysis.
  - Use of Grep preferred.

- Wireshark network analysis, including protocol triage.

- Experience with firewall ACLs, Snort-based IDS events, PCAPs, and web server log analysis.

Additional Job-Specific Minimum Requirements:

- Must have hands-on Splunk SIEM experience, including a minimum of 2 years leading a cybersecurity or security operations shift team.

- Advanced certification s...
