and investigate cyber incidents, including establishing cyber incident
cases. Set up a response plan with procedures. Coordinate with I&W
(indications and warning) to focus on incident prevention; prevention is
especially important because it reduces the seriousness of a cyber
incident.

Incident management: detect potential and actual issues; contain the
event, especially when it involves malware installed on servers;
remediate, including eradication of the malware; and recover from the
event, restoring systems to full functionality. Perform computer security
incident response activities for a large organization and coordinate with
other government agencies to record and report incidents.

Monitor and analyze Intrusion Detection Systems (IDS) to identify security
issues for remediation. Recognize potential, successful, and unsuccessful
intrusion attempts and compromises through review and analysis of relevant
event detail and summary information. Communicate alerts to agencies
regarding intrusions and compromises of their network infrastructure,
applications, and operating systems. Assist with implementation of
countermeasures or mitigating controls.

Ensure the integrity and protection of networks, systems, and applications
by technically enforcing organizational security policies, including
monitoring of vulnerability scanning devices. Perform periodic and
on-demand system audits and vulnerability assessments, including user
account, application access, file system, and external Web integrity
scans, to determine compliance. Prepare incident reports documenting
analysis methodology and results. Provide guidance and work leadership to
less-experienced technical staff members. Maintain current knowledge of
relevant technology. Participate in special projects as required.

Work to be performed in the Springfield, VA area.

Prerequisites / Qualifications:
The Cyber Threat Analyst Principal must have a minimum of 8 years of
cyber security experience (DoD 8570 requirement). For 8570 compliance,
must have or be able to obtain CEH, GCIA or GCIH within 6 months. Must be
able to satisfy requirements for Computer Network Defense (CND) Analyst,
Infrastructure Support, Incident Responder, Auditor, and Management
positions in accordance with the ND 50-05 (IAWEP) guidance.
* advanced use of forensic
* investigating advanced persistent threat (APT), hacker/breach
  investigations, intrusion analysis, and advanced
* advanced computer forensics methodology; in-depth Windows FAT and exFAT
  file system examination;
* remote & complex forensic
* advanced memory acquisition &
* live response & volatile evidence
* system restore points & volume shadow copy exploitation;
* file system timeline analysis; super timeline analysis; file system and
  data layer examination;
* metadata and file name layer examination; file sorting and hash
  comparisons;
* advanced file recovery;
* discovering unknown malware on a host; recovering key Windows files;
* indicators of compromise (IOC) development;
* step-by-step methodologies to investigate intrusion cases;
* extensive experience with Wireshark and flow analysis tools.
The candidate should also have research and analytical skills, be able to
pinpoint significant patterns related to cyber threats, and have strong
organizational, presentation and
The candidate should be able to provide IDS rules, developed from
research, that identify vulnerabilities being exploited.
Experience in cyber incident response, reconstruction and analysis, SIEM
operations and maintenance, and malware analysis is desired.
Required clearance: U.S. citizen. TS/SCI with polygraph required. Must
have an active or reinstatable TS/SCI with polygraph to apply.
Job ID 1924533 Date posted 07/02/2019
AT&T is a provider of telecommunications, media, entertainment, and technology services for consumers, content creators, distributors, and advertisers.