Cyber Security Analyst ( R-00055162 )
This position provides Cyber Security Analysis to C5ISR Center Sustaining Base Network Assurance Branch (SBNAB) Defensive Cyber Operations (DCO) Security Operations Center (SOC). Beyond advising and guiding technical matters, this position is tasked with driving implementation and adoption of new tools, research, capabilities, frameworks, and methodologies while ensuring those already in use are implemented, utilized properly, and improved.
Operating in a command-line environment
Work with multiple operating systems relevant to our customer environments (Windows, Mac, Linux) and the similarities and differences in network traffic generated in each.
Work with basic security concepts and terminology such as the CIA triad, industry best practices, risk, vulnerability, threat, attack vectors, encryption, encoding, and various types of threat actors.
Work with protocols at layers 2 and higher in the OSI model, to include ARP, TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use the well-known ports.
Process IDS alerts and identifying incidents and events in customer data.
Conduct packet level analysis using tcpdump or Wireshark on the session and surrounding traffic of an IDS alert.
Perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic.
Writing incident reports, process documentation, and interact with customer.
Transcribe and implement indicators into an environment.
Consume policy documentation and determine applicability in a network.
Bachelor's degree and 2+ years of prior IT experience, or Associate degree with 4+ years of experience. Additional certifications and experience may be considered in lieu of degree.
1+ years’ experience working in a SOC environment
DoD 8570 IAT II certifications required prior to starting
Demonstrated knowledge of industry accepted standards.
Demonstrated experience with researching and fielding new and innovative technology
Motivated self-starter with strong written and verbal communication skills
Strong analytical and troubleshooting skills.
Must be a US Citizen.
Candidate must possess an active TS/SCI, or a Top Secret clearance with a current SSBI, and be eligible to obtain a TS/SCI clearance.
Technical understanding of core current cybersecurity technologies as well as emerging capabilities.
Hands-on cybersecurity experience (Protect, Detect, Respond or Sustain) within a Computer Incident Response organization.
Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
External Referral EligibleExternal Referral Bonus:EligiblePotential for Telework:NoClearance Level Required:Top SecretTravel:Yes, 10% of the timeScheduled Weekly Hours:40Shift:DayRequisition Category:ProfessionalJob Family:Cyber OperationsPay Range: