
Insider Threat Analyst
Arlington, VA



Job Description

Who We Seek:

* Passion Seekers. You genuinely care about the work that you do and its impact on society.
* Self-Starters. You're a go-getter who isn't afraid to step up and disrupt the status quo.
* Entrepreneurs. You bring fresh ideas to the table, work hard, develop business and consistently seek new challenges.
* Collaborators. You're a great contributor to a high performing team that accomplishes great feats for our clients.

What You Will Do:

We are seeking a talented Insider Threat Analyst to join our focused operations team in Arlington, VA. The ideal candidate will comb a large network for possible insider threats and data exfiltration. A Top Secret clearance is required, and candidates must be eligible for SCI access.

Required Skills:

* 5 years of experience in a cyber network defense environment.
* Active Top Secret clearance and SCI eligibility.
* Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
* Prior experience and ability to analyze information technology security events to discern events that qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
* Strong logical and critical thinking abilities, especially in analyzing security events (Windows event logs, Tanium queries, network traffic, IDS events) for malicious intent.
* Strong proficiency in report writing: a technical writing sample and a technical editing test will be required if the candidate has no prior published intelligence analysis reporting. Excellent verbal and written communication skills and the ability to produce clear and thorough security incident reports and briefings.
* Excellent organizational skills and attention to detail in tracking activities within various Security Operations workflows.
* A working knowledge of the operating systems commonly deployed in enterprise networks (e.g. Windows, OS X, Linux); a conceptual understanding of Windows Active Directory; and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS).
* Experience identifying and implementing countermeasures or mitigating controls for deployment in the enterprise network environment.
* Experience conducting forensic analysis on compromised systems using digital forensics tools (e.g. EnCase, FTK).
* Experience with cyber, insider threat and policy violation investigations, and with conducting eDiscovery investigations.
* Proficiency in cyber threat exploitation patterns, from discovery through establishing a persistent presence.
* Ability to provide subject matter expertise in the detection, analysis and mitigation of malware and in trends in malware development and capabilities, with proficiency in malware analysis tooling.
* Experience leveraging reverse engineering tools such as IDA Pro, WinDbg, Immunity Debugger and OllyDbg.
* Knowledge of, and proficiency with, the tools and techniques required to conduct dynamic and static analysis of binary samples.

Desired Skills:

* Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering.
* Previous hands-on experience with Security Information and Event Monitoring (SIEM) platforms and log management systems that perform log collection, analysis, correlation, and alerting is required (preferably Splunk or ArcSight). Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
* Digital forensics and incident response certifications such as GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, CISSP, Security+, Network+, CEH, CND, CCE, CFC, EnCE, CFCE or GREM.
* Existing subject matter expertise in Advanced Persistent Threats or emerging threats.
* Experience recommending and coordinating countermeasures with operational CND personnel.
* Ability to work on-call during critical incidents or to support coverage requirements (including weekends and holidays when required).
* Familiarity with scripting languages (Bash, PowerShell, Python, Perl, Ruby, etc.) or software development frameworks (.NET).

About Us:

Attain is a place for great ideas and the people who have them. As a management, technology, and strategy consulting firm, our professionals provide innovative solutions to revolutionize government, education, health, and nonprofit organizations and positively impact those they serve. We are business analysts, technologists, digital strategists, managers of change, and forward thinkers, with the entrepreneurial drive to shape the future. Our team is present in 40 states and the District of Columbia.

Visit www.attain.com/careers to explore your path forward with Attain.
