Overview of RAND
The RAND Corporation is a research organization that develops solutions to
public policy challenges to help make communities throughout the world safer and
more secure, healthier and more prosperous. RAND’s research and analysis address
issues that impact people everywhere, including security, health, education, sustainability,
growth, and development. Headquartered in Santa Monica, California, RAND has close
to 1,800 people from approximately 50 countries working in offices in North America,
Europe, and Australia, with annual revenues of more than $308 million.
RAND is nonprofit, nonpartisan, and committed to the public interest. Our research
is sponsored by government agencies, charitable trusts, and community nonprofits.
In addition, we rely on philanthropic support to pursue visionary ideas; address
critical problems that are under-researched; shape emerging policy debates; and
devise innovative approaches for solving acute, complex, or provocative policy challenges.
RAND values objectivity and integrity in both its research processes and internal
interactions. We emphasize a collegial environment that respects the contributions
and dignity of all staff.
We are looking for an experienced and motivated network defender
to help us defend and protect against network intrusions and system compromises
at a globally respected research institution. This position reports to the
Information Security Operations Center (ISOC) Manager.
- Primary responsibilities of the ISOC Cybersecurity
Analyst will be monitoring RAND networks for attacks, malicious software and possible
intrusions and using our ticketing system to coordinate remediation of infected
- Monitor, investigate, analyze both raw and normalized network
traffic, correlate connected sequences of events, detect incidents, reconstruct
into timelines for analysis, identify malicious network activity, and generally
assist in conducting defensive cyberspace operations to protect our organization’s
network infrastructure and intellectual property
- Participate in Incident
- Assist in periodic or ad-hoc security report production
to provide relevant situational awareness for senior stakeholders
in the coordination and completion of information security operations documentation
with the information security team to develop strategies and plans to enforce security
requirements and address identified risks
- Provide additional support
to the RAND Information Security Operations Center as needed
Knowledge and Skills
- The ideal candidate
will have past experience performing network security and traffic analysis, hunting
for malicious network activity and initiating response actions. The candidate will also be familiar
with the use of SIEMs and different types of network security platforms. The
candidate must have a solid understanding of different types of cyber-attacks and
exploitation methods as well as network security principles.
with market leading security systems and products
- Knowledge of network
infrastructure, including routers, switches, firewalls, and the associated network
protocols and concepts.
- Ability to use Wireshark and other network analysis
Additional Skills, desired but not required
with Remedy Incident Management ticketing system and an enterprise level SIEM a
- Cyber forensics and malware reverse engineering skills are a plus but
are not the core of the job
- Knowledge of the threat landscape, including
Advanced Persistent Threat adversaries
written and verbal communication skills
- Good analytic and problem-solving
- Effective time management. Must be able to work effectively
in a team environment.
- A strong customer/client focus, with the ability
to manage expectations appropriately, to provide a superior customer/client experience
and build long-term relationships.
- US citizenship and ability to obtain
and maintain a security clearance
- Bachelor’s degree in Computer Science or related
area desired but not required.
- Information security certifications (e.g.,
CISSP, Security+, CEH) are a plus.
Minimum of 5-6 years’ experience working in a security operations
or network security environment
U.S. Citizenship is required to obtain a security clearance.