Cyber Defense Analyst, Mid
Washington, DC

Job Description

Cyber Defense Analyst, Mid

Key Role:

Perform incident triage, including determining scope, urgency, and potential impact and identify and recommend specific remediation strategies. Lead or participate in the technical response and investigation in breaches of computer security events and intrusions and liaise with required mission partners and authorities, including security, legal, counterintelligence, and law enforcement. Conduct incident response coordination and reporting for all Cybersecurity events to higher-echelon Computer Network Defense (CND) Service Providers (CNDSPs) to provide situational awareness to mission partners. Conduct in-depth forensics of digital evidence, including hard drives, mobile devices, and flash and optical media while handling in accordance with applicable rules of evidence and industry best practices. Conduct in-depth malware analysis by using advanced techniques to identify malware, assess its operation, comprehend its attack vectors, and other malware indicators of interest to CND. Conduct network and system Cybersecurity tasks, including performing full packet capture and analysis of raw network packet captures, correlate system logs from multiple sources to identify attack vectors and Cyber threat activity. Create specialized scripts and tools to assist with the identification, detection, and analysis of Advanced Persistent Threats and other actors' activities.

Basic Qualifications:

* 5+ years of experience in the CND field
* 5+ years of experience with Local and Wide Area Network technologies, networking protocols, and file systems and Windows and Linux commands
* 3+ years of experience with the design, development, integration, operation, and analysis of Cybersecurity technologies used in the DoD and Intelligence Community (IC)
* 2+ years of experience with implementing and interpreting DoD and Chairman of the Joint Chiefs of Staff (CJCS) CND directives
* TS/SCI clearance
* BA or BS degree in CS, IT, or Information Assurance or 8+ years of experience in a professional work environment
* DoD 8570.01-M Compliant Certifications, including Global Information Assurance Certification (GIAC), Certified Intrusion Analyst (GCIA), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or Computer Security Incident Handler (CSIH)

Additional Qualifications:

* Experience with using Federal, DoD, IC, and industry standards in creating best practices, manuals, and standard operating procedures
* Experience with the development and implementation of CND tactics, techniques, and procedures (TTPs)
* Experience with researching Advanced Persistent Threats and emerging Cyber threats to create fused briefs and situation reports
* Experience with monitoring, detection, identification, categorization, eradication, response, recovery, and mitigation of Cybersecurity incidents and breaches
* Experience with analyzing network traffic packet captures and analysis tools and methodologies
* Experience with Network Intrusion Detection/Prevention Systems (IDS/IPS) and host-based IDS and IPS, including McAfee Electronic Policy Orchestrator (ePO) and a Host-Based Security System (HBSS)
* Experience with identifying and classifying attack vectors, malware detection and analysis, IDS and IPS rule writing, and countermeasure development
* Experience with conducting vulnerability assessments using eEye Retina, Tenable Nessus, WASSP, and SECSCN and remediation of security control deficiencies
* Experience with Web content filters and e-mail content filters, including Smart Filter, McAfee Web Gateway, and McAfee E-mail Gateway
* Experience with tuning, operations, and analysis of Security Information and Event Management (SIEM) capabilities, including HP ArcSight and Splunk
* Experience in collecting, acquiring, and analyzing forensic images and other data with tools, including EnCase Enterprise, EnCase Cybersecurity, LinEn, and netcat, recovery CDs, including ERD Commander and Hiren, and SysInternals tools
* Knowledge of network security architecture concepts, including topology, protocols, components, and principles, including application of defense-in-depth
* Knowledge of general attack stages, including footprinting and scanning, enumeration, gaining access, escalation of privileges, network exploitation, and covering tracks
* Knowledge of policies and processes related to CND implementation, execution, and management
* Knowledge of virtualization technologies and common enterprise solutions
* Knowledge of firewall rules and routing rules and scripting and coding languages
* Knowledge of reverse engineering malware and writing detailed findings and reports
* Ability to pay strict attention to detail
* Possession of excellent interpersonal, organizational, time management, analytical, and problem-solving skills
* Possession of excellent oral and written communication skills

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We're an EOE that empowers our people-no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic-to fearlessly drive change.