All levels of Cyber Engineer will have the skills listed below. Each level may have additional education, skill and/or experience requirements.
The Cyber Engineer designs, develops, documents, analyzes, tests, integrates, debugs, conducts research on, and/or discovers and analyzes security flaws or vulnerabilities in software, networks, systems and applications, and/or provides mitigation strategies. The Cyber Engineer ensures that system security needs are established and maintained for various objects/matters; integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features, and relates existing systems to future needs and trends; and evaluates computer software and networks for threats and/or malware. Collects data from a variety of network security tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs, to analyze events that occur within the environment. Employs and provides advanced computer forensic tools, techniques, and intrusion support for attack reconstruction and high technology investigations, while reviewing threat data from various sources. This position may also identify network computer intrusion evidence and perpetrators.
Experience leading an incident response team required.
Perform attack reconstruction, review threat data and investigate security incidents to determine extent of intrusion and compromise to system and data.
Provide computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments.
Auto-generate network traffic intelligence.
Develop mitigation strategies, including influencing accessible assets and data flows (e.g. block behaviors, quarantine hosts and enclave, block and modify traffic).
Provide countermeasure recommendations and business cases based on standard security principles, policies, standards and industry best practices.
Test and provision countermeasures.
Mitigate attacks and threats by assessing the impact of countermeasures and response effects.
Monitor and diagnose potential residual effects.
Use encryption technology, penetration, risk management and vulnerability analysis of various security technologies and information technology security research.
Gather data and formulate mitigation plans for effective and real-time incident response.
Perform one or more of the following:
* Malicious payload analysis: inspection of PCAP payload at the application layer.
* De-obfuscation: transform source or machine code into human-readable code to assess script functionality.
* Botnet activity correlation: assess the impact/effect of software robots (i.e., bots) that run autonomously, automatically and/or undetected.
Assist in identification and implementation of appropriate information security functionality.
Serve as a subject matter expert for application security in support of programs.
Produce reports and briefs to provide accurate depiction of threat landscape and associated risks.
Experience with ArcSight required.
SourceFire experience desired.
Experience with one or more of the following is required: MS Visual Studio, Driver Development Kit, IdaPro, Windbg, SoftIce, OllyDbg, VMWare, etc.
MANDATORY SKILLS:
Ten (10) or more years of cyber security experience required. [A Master's degree in a related discipline may substitute for two (2) years of experience. A PhD may substitute for four (4) years of experience.]
Bachelor's degree in Cyber Security, Information Security, Software Engineering or a related discipline is required. [Twelve (12) years of experience (for a total of twenty-two (22) or more years) may be substituted for a degree.]
Certified Information Systems Security Professional (CISSP) certification required.
DoD 8670 IAM Level II certification required.
Experience in intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis.
Experience with standard security principles, policies, standards and industry best practices.
Experience with software development.
Understanding of Windows and UNIX operating systems.
Understanding of security technologies and concepts; experience in design and implementation of secure network solutions, including DMZs and web portals.
Knowledge of Information Assurance and Information Operations technologies and development activities.
Understanding of the processes and guidelines for Certifying & Accrediting (DCID, ICD, NIST 800-53, SANS 20) information systems based upon experience on a large-scale development program.
Practical experience hardening IT systems in compliance with STE/STIG guidelines.
Possesses, or quickly develops, a comprehensive understanding of Government Information Security policies, regulations, and guidelines.
Experience and knowledge of networking (TCP/IP, topology, sockets and security), operating systems (Windows/UNIX/Linux), and web technologies (Internet security).
Active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance required.
U.S. Citizenship required.
OPTIONAL SKILLS:
Information Systems Security Engineering Professional (ISSEP) or Information System Security Architect Professional (ISSAP) certification desired.
Certified Ethical Hacker (CEH) certification desired.
SANS/GIAC Reverse Engineering Malware (GREM) certification desired.
ArcSight Certified Security Analyst (ACSA) or ArcSight Certified Advance Security Analyst (ACASA) certification desired.
SourceFire Certified Professional (SFCP) certification desired.
Experience with Security Event Incident Management, Log Correlation and Network Behavior Anomaly Detection systems (ArcSight, QRadar, Splunk, Mazu, Arbor, etc.).
Experience and/or familiarity with one or more of the following: Java, Swing, Hibernate, Struts, JUnit, Perl, Ruby, Python, HTML, C, C++, .NET, ColdFusion, Adobe, Assembly language, etc.
Demonstrated experience and/or familiarity with VMWare and virtual machines.
Ability to write custom tools and modify existing intrusion detection tools.
Experience with Agile development methodology.
Experience with automated testing tools (e.g., RSpec, Cucumber, etc.).
Experience with one or more of the following:
* Security COTS integration
* Security Incident Event Management
* Operating System Hardening
* Vulnerability Assessment testing
* Identification and Authentication schemes
* Public Key Infrastructure and Identity Management
* Cross Domain Solutions
* Computer Network Exploitation (CNE)
* Computer Network Operations (CNO)
* Reverse Software Engineering
DODI 8570.1-M Compliance at IAT Level I certification required.
About Avid Technology Professionals
Avid Technology Professionals, LLC (ATP) is a premier provider of software and systems engineering and acquisition program management services for the community. ATP is actively seeking to pursue contract opportunities with other departments and agencies in the federal government, in state governments, and in the commercial sector. Delivered by seasoned experts in the IT field, ATP solutions adeptly address the IT concerns arising in both the federal and commercial sectors.
The ATP Employee Benefits package includes:
* A Supportive and Equitable Working Environment that is both Stimulating and Challenging
* Competitive Hourly Salary
* Unique Employee Success Sharing Program that allows ATP employees to Share in Company's Successes
* Automatic Approved Overtime (as long as contract permits)
* Retirement Pay (401K); 100% company paid, immediately vested with Profit-Sharing Component
* Company Medical Coverage Plans - HMO, Open Access, PPO plans
* Company Dental Plan - widely accepted, comprehensive, and flexible
* Progressive Overtime Policy
* Flexible Spending Account benefit
* Lucrative Referral Bonus Policy
* Holiday Scheduling that Coincides with Government Holidays
* Robust Professional Expenses & Training Program
* Computer Allowance
* Internet Allowance
* Short and Long Term Disability
* Life Insurance