Cyber Security Analyst

Zachary Piper Solutions provides advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilities. Team personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity. We are seeking a Cyber Security Analyst to support this critical customer mission. This role is on-site in Arlington, VA.

Responsibilities:

• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources

• Coordinate with enterprise-wide cyber defense staff to validate network alerts

• Perform management duties as required to support the team, projects and analysts

• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment

• Perform cyber defense trend analysis and reporting

• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack

• Provide daily summary reports of network events and activity relevant to cyber defense practices

• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of alerts

• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities

• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity

• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information

• Identify and analyze anomalies in network traffic using metadata

• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools

• Identify applications and operating systems of a network device based on network traffic

• Reconstruct a malicious attack or activity based off network traffic - Identify network mapping and operating system (OS) fingerprinting activities

• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave

Required Skills/Clearances:

• Active TS/SCI clearance

• Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability

• 5+ years of direct relevant experience in cyber defense analysis using leading edge technologies and industry standard cyber defense tools

• Experience successfully developing and deploying signatures

• Experience detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)

• Experience implementing incident handling methodologies

• Experience implementing protocol analyzers

• Experience collecting data from a variety of cyber defense resources

• Experience reading and interpreting signatures (e.g. snort) - Experience performing packet-level analysis

• Experience conducting trend analysis

Desired Skills:

• Substantial knowledge of network device integrity concepts and methodologies

• Proficiency with network analysis software (e.g. Wireshark)

• Proficiency with carving and extracting information from PCAP data

• Proficiency with non-traditional network traffic (e.g. Command and Control)

• Proficiency with preserving evidence integrity according to standard operating procedures or national standards

• Proficiency with virtualized environments

Required Education:

• BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 10 years of network investigations experience.

Desired Certifications:

• One or more of the following professional certifications: GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE GSEC (SANS401), Arcsight (or other SEIM solution), Network+, Security+

Compensation Includes:

Salary range: $120,000 - $130,000 based on experience

Health, Dental, Vision, 401K, PTO, Paid Holidays, etc.

#LI-CB1

Keywords: cyber security, splunk, Splunk SPL, incident response, digital forensics, network, Security+, intrusion detection system, IDS, SOC, threat, threat hunting, threat hunter