1(737)781-3448 MMansur@redbluesec.org
  • Full Time
  • Anywhere
  • Applications have closed
  • Monitor client networks for signs of adversarial activity
  • Respond to alerts from various monitoring systems and platforms
  • Triage potentially malicious events to determine severity and criticality of the event
  • Analyze network traffic using a variety of analysis tools in support of service objectives
  • Monitor security appliance health and perform basic troubleshooting of security devices; notify security engineering as necessary for malfunctioning equipment
  • Analyze malicious artifacts obtained from network monitoring with a focus on generation of threat intelligence and service improvement
  • Identify, develop, and implement new detections and mitigations across the services platforms
  • Communicate and collaborate with the analyst team for situational awareness
  • Follow detailed processes and procedures to analyze and escalate critical information security incidents; these procedures vary from customer to customer
  • Apply structured analytical methodologies to maximize threat intelligence growth and service efficacy
  • Directly contribute to the continued technical enhancement of the services platforms, analysis tradecraft, and development of team skills and expertise
  • Contribute to the continued evolution of services capabilities and processes


  • 2+ years of technical experience supporting enterprise-scale cyber defense, monitoring, analysis, or threat intelligence missions OR 3+ years of experience with computer network administration
  • Hands-on experience with log collection and analysis, network and host monitoring platforms, and various analysis tools including McAfee ESM, HP ArcSight, IBM QRadar, Splunk, Symantec Security Analytics, Wireshark, Vortex, Suricata or Snort, LaikaBOSS, Bro, or others
  • Experience analyzing logs for indicators of compromise, collected from various network monitoring devices such as firewalls, IDS/IPS, web proxies, email filters, etc.
  • Experience applying structured analytical frameworks, e.g. LM Cyber Kill Chain®, The Diamond Model, LM Intelligence Driven Defense®, Pyramid of Pain, etc.
  • Experience defining and refining operational procedures, workflows, and processes to support analyst team in consistent, quality execution of defensive mission
  • Functional knowledge of at least one scripting language (Python, Perl, bash, etc.)
  • Familiarity with Linux CLI tools (awk, sed, jq, etc.)


  • Technical 2-year degree (Computer Science, Information Security, Information Technology, IT Management)
  • CompTIA Network+/Security+ or CEH or GIAC GSEC


  • $90,000 – $130,000 per annum (including annual bonus)
  • Full health, dental and vision insurance
  • 401k plan
  • 2-4 weeks paid vacation (depending on experience)