Intrusion Analyst Intern/Co-Op, Morphick Threat Intelligence Center

Managed Security Services, Cincinnati, OH USA

The Intrusion Analyst will be part of a dynamic, growing team, planning, preparing, hunting for, and responding to cyber incidents stemming from internal and external threat actors. You’ll perform your work as a SOC Analyst, where you will be responsible for identifying malicious threat actors, thwarting hackers, and preventing data breaches. You will have the industry’s leading security technology at your fingertips to analyze security events and to prioritize, investigate, and contain incidents.

Responsibilities

  • Perform host-centric analysis (live response, digital forensics), malware analysis, and/or log-centric analysis (SIEM) as needed
  • Communicate findings to customers and management
  • Perform daily incident detection and response operations with a schedule that may involve non-traditional working hours
  • Identify compromised computers using logs, live response, and related computer centric evidence sources
  • Regularly collect host-based artifacts and perform forensic analysis of those artifacts to determine if the asset has been compromised
  • Work with the Intel team to fine-tune signatures
  • Assist the IR team in the incident response process

Desired skills

  • Excellent verbal and written communication skills
  • Strong analytical skills and the ability to clearly and concisely document findings to report and/or escalate cyber incidents to customers and management
  • Network-centric analysis (NSM) experience; deploying and scripting detection solutions with Bro-IDS is a plus
  • Familiarity with scripting / programming (Python, Perl, C, etc.)
  • An understanding of APT, Cyber Crime, and other associated tactics
  • Experience with host-based detection and prevention suites (McAfee EPO, OSSEC, Yara, MIR, CarbonBlack, Tanium, etc.)
  • Experience with host-centric tools for forensic collection and analysis (SleuthKit, Volatility Framework, FTK, Encase, etc.)
  • Experience with network forensics and/or network security monitoring (NSM) tools (Snort, Bro-IDS, PCAP, tcpdump, etc.) and analysis techniques (alert, flow/session and PCAP analysis)
  • Any experience with malware and reverse engineering is a plus (dynamic and static analysis)
  • Strong IT infrastructure background, including familiarity with the following:
    • Networking (TCP/IP, UDP, routing)
    • Applications (HTTP, SMTP, DNS, FTP, SSH, etc.)
    • Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.)
    • System/application vulnerabilities and exploitation
    • Operating systems (Windows, *Nix, and Mac)
    • Cloud technology (SaaS, IaaS, PaaS) and associated digital forensics and incident response techniques
  • Working knowledge of secure communication methods, including Secure Shell, S/MIME and PGP/GPG
  • Relevant technical and industry certifications are a plus, e.g., GIAC certifications

Qualifications

  • Working to obtain a bachelor’s degree in computer science or a related technical degree

Eligibility Requirements

  • Must be willing to work different shifts, including swing (2nd shift) and 3rd shift hours in a 24/7/365 environment.

Morphick only employs those who are legally authorized to work in the United States for this opening. Employment is conditioned upon the successful completion of a background investigation and drug screen.