Network Based Systems Analyst
Arlington, VA

Job Description

Cyber Technology Services, Inc. has an immediate opening for Network-based Systems Analyst to support the customer team. The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations.

Job Description - Location: Arlington VA

Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify possible threats to network security.

Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use discovered data to enable mitigation of potential CND hunts and incidents.

Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information.

Identify and document network based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.

Track and document CND incidents from initial detection through final resolution.

Perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.

Create and disseminate technical reports in response to conducted analysis.

Assist with writing CND guidance and reports on incident findings to appropriate constituencies.

Assist with developing and maintaining SOPs.

Participate in inter-agency sponsored community of interest analysis groups, participate in technical briefings and exchanges.

Serve as technical expert and liaison to leadership, NCCIC, the IC, and law enforcement personnel explaining incident details as required.

Manual review network device configurations for suspicious configurations or signs of compromise.

Assess network topology and network device configurations identifying critical security concerns and providing network security best practice recommendations to identify critical security concerns from an architecture perspective (e.g., external internet traffic bypassing firewall boundary) and a network device configuration perspective (e.g., default administrator account on a network device).

Collect network device integrity data, utilizing specialized tools, to detect unauthorized access (login access, configuration changes, interface changes, physical access, unscheduled reboots, blocked attempts, downgraded encryption, etc.).

Collect network device integrity data, utilizing specialized tools, to detect software modifications (file verification, online/offline hash, published hashed, memory verification, firmware verification, rootkit detection).

Collect network device integrity data, utilizing specialized tools, to detect hardware modifications (operating statistics, network traffic analysis).

Support network device integrity analysis on multi-vendor products (e.g., Cisco, Juniper, HP, Dell, etc.).

Assist with maintaining the readiness of all fly-away kits, storage media and forensic VM analyst images.

Divert/deploy teams of Contractor resources to provide on-site support and assistance in the event of an exercise or cyber incident.

Approved for Public Release

Non-Export Controlled See Sheet 1

REQUIRED SKILLS:

Demonstrated to advanced operational experience as an Incident Manager

Experience in providing leadership and vision in incident handling, response, and analysis.

Must be hands-on and have intimate knowledge and experience in cybersecurity, incident response, and analysis; digital forensics; security vulnerabilities/weaknesses and related attacks; network security issues and encryption technologies; management of lab environments to include flyaway kits.

Demonstrated to advanced experience of current threats, vulnerabilities, and attack trends

Critical thinking and problem solving skills

Demonstrated to advanced experience working directly with customers to transfer Threat Hunting knowledge

Possess good time management and written and oral communications skills

DESIRED SKILLS/CERTIFICATIONS:

GNFA, GCIH, GCFA

REQUIRED EDUCATION/EXPERIENCE:

This position requires a Bachelor's degree in a related discipline with a minimum of eight (8) years directly related experience. Equivalent years of directly related experience may be considered in lieu of educational requirements.

REQUIRED Clearance: TS/SCI