ECS is seeking multiple Cyber Security Analysts (all levels) to work in our Colorado Springs, CO office. Please Note: This position is contingent upon contract award.
ECS, an award-winning, global security leader, is expanding our team of cyber experts. Entry-level to advanced positions are available. All positions include career development/progression, paid training and certs, industry-leading benefits, and the opportunity to provide critical mission defense to our country.
Level 1 Cyber Analyst: Minimum 1 year experience.
Operating in a command-line environment
Basic familiarity with multiple operating systems relevant to our customer environments (Windows, Mac, Linux) and the similarities and differences in network traffic generated in each
Familiarity with basic security concepts and terminology such as the CIA triad, industry best practices, risk, vulnerability, threat, attack vectors, encryption, encoding, and various types of threat actors
Knowledge of protocols at layers 2 and higher in the OSI model, to include ARP, TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use the well-known ports
Experience processing IDS alerts and identifying incidents and events in customer data
Ability to conduct packet level analysis using tcpdump or Wireshark on the session and surrounding traffic of an IDS alert
Capability to perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic
Basic technical writing skills for incident report writing, customer interaction, and process documentation
Able to accurately transcribe and implement indicators into our environment
Able to consume policy documentation and determine applicability in a network
Level II Cyber Analyst: Minimum 3 years experience.
Intermediate command line experience that includes chaining Unix utilities such as sed, awk, and grep together
Intermediate IDS (Snort, Suricata, Bro/Zeek, etc.) creation and tuning, to include performing impact analysis on customer environments and review and correction of Tier I rules
Analysis of alert traffic plus surrounding traffic to provide context to inform analysis
Ability to consume open and closed source and search indicators in customer data, then generate new IDS configurations for future detection
Basic hunt experience that includes sifting non-alert-based traffic and deriving meaningful results in the absence of corresponding OSINT
Basic vulnerability awareness and ability to determine applicability to customer environments, using data to establish attack attempts and success/failure
Maintaining current threat awareness
Ability to analyse complex (multipacket, multi-vector, multi-exploit, large volume) traffic and derive meaningful conclusions
Self-directed research, development, customization, or other contributions to process improvement
Continual enrichment of IDS and moderate ability to tune on the fly
Ability to self-educate with non-comprehensive or incomplete documentation on new concepts, protocols, and data formats
Level III Cyber Analyst: Minimum 6 years experience.
Expert at operating in a command-line environment, to include chaining utilities, complex commands, integration of tcpdump to analyse novel protocols, IP protocols, and protocols outside the scope of IDS operation or detection
Advanced Snort capabilities, to include identifying flaws in existing rules, customization and optimization, correction of third party rules, review and correction of Tier I and Tier II rules
Basic scripting and development to fill capabilities gaps
Generate and maintain technical documentation for retaining institutional knowledge
Ability to critically read and update technical documentation with regular, periodic reviews to ensure currency
Periodic and systematic review of indicators and rules to ensure the IDS is up to date and streamlined, with non-relevant indicators being cleared
Ability to analyse new or novel system logs or network traffic and to make meaningful hypotheses about them, absent corresponding open source information available
Able to explain complex technical topics in layman's terms to effectively communicate with nontechnical participants
Operationalize projects such as new tools moved into production, new detection methods shared with the DoD community
Daily consumption of domestic and international news from multiple sites, awareness of the differing biases / slants in presentation of the sites, able to conduct additional research for historical context into particular international situations in order to drive analysis
Clearance: TS w/ SCI eligibility is required to start.
Certifications: Completed DoD 8570 for IAT-I required to start.
Familiarity and background with the following technologies/tools: Snort, Suricata, Bro/Zeek.
Experience in one or more computing environments: Windows, Mac, Linux.
Bachelor's degree preferred
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.