Cyber Security Analyst ( R-00060899 )
In this role as a Cyber Security Analyst, the individual provides technical and programmatic Cyber Security Services to internal and external customers in support of network and information security systems. The role designs, evaluates, develops and implements security requirements as part of an Agile team. Assists the ISSOs with preparing documentation for RMF (Risk Management Framework). Responsible for analyzing and developing test procedures and contingency plans as part of the assessment and authorization (A&A) process. Conducts/Perform complex risk and vulnerability assessments including development of risk mitigation strategies. Recommends system enhancements to improve security deficiencies. Develops, tests, and integrates/automates security tools. Assess system configurations and installs security tools, scans systems to determine compliancy and report results and evaluates products and various aspects of system administration. Conducts and evaluates security program audits and develops solutions to minimize identified risks. Aids in computer incident investigations and evaluations.
· Operating in a command-line environment
· Familiarity and/or experience performing cyber threat analysis based on Indicators of Compromise (IOCs)
· Experience performing open source analysis for cyber event correlation, data enrichment, and threat hunting
· An understanding of Advanced Persistent Threat (APT) cyber activity with an understanding of common intrusion set tactics, techniques, and procedures (TTPs)
· Technical education (formal or informal) on network communication, net-defense, and common attack techniques
· Ability to perform data analysis, aggregation, event correlation
· Writing ability to author various types of cyber threat products tailored to computer network defenders
· Very high attention to detail and desire to learn and contribute
· Demonstrated motivation to maintain awareness of current cybersecurity and threat intelligence news and trends
· Work with multiple operating systems relevant to our customer environments (Windows, Mac, Linux) and the similarities and differences in network traffic generated in each.
· Work with basic security concepts and terminology such as the CIA triad, industry best practices, risk, vulnerability, threat, attack vectors, encryption, encoding, and various types of threat actors.
· Process IDS alerts and identifying incidents and events in customer data.
· Conduct packet level analysis using tcpdump or Wireshark on the session and surrounding traffic of an IDS alert.
· Perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic.
· Writing incident reports, process documentation, and interact with customer.
EDUCATION & EXPERIENCE:
Candidate must have a BS with 8-12 years of prior relevant experience or (in Computer Science, Engineering, Information Technology, System Administration, Cyber Security). Will consider work experience in lieu of a degree.
CISSP and/or ISSEP Certification a plus.
• Active TS/SCI with Polygraph
• Eight or more years of information assurance and cyber security engineering experience
• Can work independently of direct supervision
• Ability to build strong customer relationships
• Five or more years of information assurance and cyber security engineering experience
• Experience with the Risk Management Framework (RMF) and ICD 503 Security Accreditation processes.
• Experienced with various security tools and processes such as Splunk, Nessus Security Center, Appdetective, WebInspect, Xacta
• Experience with the NIST Risk Management Framework (RMF)
• Experience with migration and operation of systems to an Amazon Web Services (AWS) cloud environment
• A professional background in Systems Engineering / Cloud Architecture / Software Development
• Experience with Cloud Computing Technologies/Amazon Web Services (AWS)
• Experience with Agile Software Development
• AWS/Azure/Google Certifications
• Experience with scripting languages (Python, Power Shell)
• Experience with SAFe Agile FrameworkExternal Referral Bonus:EligibleExternal Referral Bonus $:5000Potential for Telework:NoClearance Level Required:Top Secret/SCI with PolygraphTravel:NoScheduled Weekly Hours:40Shift:DayRequisition Category:ProfessionalJob Family:Information AssurancePay Range: