Sr. Cyber Intelligence Analyst (Secret clearance w/ SSBI required)
Fort Belvoir, VA

Job Description

DEI has an exciting opportunity for a mid-level Cyber Security Analyst with one of our clients within the Defense Threat Reduction Agency (DTRA). In this role you will be responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks. You will support cyber security initiatives, utilizing both predictive and reactive analysis. The best candidate will have experience interfacing with external entities such as law enforcement, the IC, or DoD. We are looking for somebody who has at a minimum a Secret clearance with SSBI and is clearable at the TS-SCI level.

PRIMARY RESPONSIBILITIES

Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks. Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff. Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution. Employs advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis. Supports internal HR/Legal/Ethics investigations as forensic subject matter expert. Performs network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks. Reviews threat data from various sources and develops custom signatures for Open Source IDS or other custom detection capabilities. Correlates actionable security events from various sources including Security Information Management System (SIMS) data and develops unique correlation techniques. Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats. Develops analytical products fusing enterprise and all-source intelligence. May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols. Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.

BASIC REQUIRED QUALIFICATIONS

* 2+ Years of Intrusion Detection System Monitoring Experience using Snort,Sourcefire, Suricata or similar NIDS
* Packet Analysis - Demonstrate strong ability to analyze & interpret PCAP
* Working knowledge of ArcSight ESM and Splunk
* Ability to work effectively independently as well as within a team environment
* Excellent written and verbal communication skills
* Demonstrated a strong work ethic and ability and willingness to take on new challenges

ADDITIONAL PREFERRED QUALIFICATIONS

* Linux Command Line
* Linux Shell Scripting [Python Shell Scripting preffered]
* Yara Rule Writing
* Netflow analysis and application toward CND
* Ability to create custom snort signatures
* Previous Watchfloor experience