TEKsystems c/o Allegis Group

Cyber Defense Analyst with Security Clearance

TEKsystems c/o Allegis Group, Pearl, Mississippi, United States

Work closely with Government counterparts to provide guidance within the CND-SP area. Provide CND reports, trends, responses, mitigations, analysis and information dissemination. Provide C2 support, situational awareness support, and leadership and support for all CND-applicable activities within Protect, Detect, Respond, and Sustain. Work as a technical leader within the CSSP Team, responsible for maintaining the integrity and security of enterprise-wide systems and networks. Provide technical leadership to CND Teams supporting security initiatives through predictive and reactive analysis, and by articulating emerging trends to leadership and staff.

PRIMARY RESPONSIBILITIES:
• Perform computer network incident detection and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats to the enterprise.
• Monitor various security tools and applications for possible malicious activities, investigate any associated alerts or indicators, and develop recommendations for a course of action, including mitigation strategies as necessary.
• Conduct analysis of low-level ("low and slow") events to identify unauthorized activity utilizing exploratory problem-solving or self-learning techniques.
• Conduct near real-time event triage and analysis, which can result in network traffic validations or a Mission Partner's incident report.
• Utilize formal monitoring policies and procedures that include the appropriate use of DoD-approved network monitoring and traffic analysis tools to assist with identifying suspicious, anomalous, or overtly malicious network traffic on a 24/7/365 basis.
• Review and analyze available logs in a timely manner to detect intruders and notify Mission Partners of activity through a formal reporting process or pending incident report.
• Apply, develop, tune, and distribute or optimize new and existing countermeasures or guidance to prevent or mitigate potential cyber event impacts when possible.
• Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks.
• Understand attack signatures, tactics, techniques, and procedures associated with advanced threats.
• Requires good technical writing skills, as each event, including the associated analysis, is documented in a ticketing system for review and action.
• Requires excellent communication skills, as we are co-located with our customer and regular face-to-face interaction is necessary throughout the day, as well as significant coordination and communication between team members.

BASIC QUALIFICATIONS:
• Minimum active DoD Secret clearance with ability to obtain Top Secret (active TS strongly preferred).
• Current DoD 8570 IAT Level II certification (e.g. Sec+ CE) or higher at time of start.
• Ability to obtain DoD 8570 CSSP-Analyst certification, such as CEH, CySA+, GCIA or equivalent, within 180 days of hire.
• Bachelor's degree and 2+ years of relevant experience; additional relevant work experience and/or military service may be considered in lieu of degree.
• Experience working CND duties (e.g., Protect, Defend, Respond, and Sustain).
• Experience working with DoD / Government leaders at all levels.
• Strong computing system knowledge, particularly networking, including knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls.
• Experience evaluating packet captures.
• Willingness and ability to perform shift work (shifts may not be static).

PREFERRED QUALIFICATIONS:
• Command-line scripting skills (Perl, Python, shell scripting) to automate analysis tasks.
• Knowledge of hacker tactics, techniques and procedures (TTP).
• Familiarity with computing security frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
• Monitoring of intrusion detection and computer defense appliances (Splunk, Elastic) and applications, and analysis of associated alerts.
• Knowledge of advanced threat actor tactics, techniques, and procedures (TTP).
• Understanding of software exploits.
• Ability to analyze packed and obfuscated code.