Cyber Threat Analyst, Principal (Grimlock)

AT&T, Chantilly, VA 22022

Posted 4 months ago

Incident planning and investigation: plan and investigate cyber incidents, including establishing cyber incident cases, and set up a response plan with supporting procedures. Coordinate with I&W (indications and warning) to focus on incident prevention; preventing incidents, or catching them early, reduces the seriousness of any cyber incident that does occur.

Incident management:

  • Detect potential and actual security issues; contain the event, especially when it involves malware installed on servers; remediate, including eradication of the malware; and recover from the event by restoring systems to full functionality.
  • Perform computer security incident response activities for a large organization and coordinate with other government agencies to record and report incidents.
  • Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information.
  • Alert agencies to intrusions and compromises of their network infrastructure, applications, and operating systems.
  • Assist with implementation of countermeasures or mitigating controls.
  • Ensure the integrity and protection of networks, systems, and applications by technically enforcing organizational security policies, including through monitoring of vulnerability scanning devices.
  • Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external Web integrity scans, to determine compliance.
  • Prepare incident reports describing the analysis methodology and results.
  • Provide guidance and work leadership to less-experienced technical staff members.
  • Maintain current knowledge of relevant technology.
  • Participate in special projects as required.

Prerequisites / Qualifications:
Must be able to satisfy requirements for Computer Network Defense (CND) Analyst, Infrastructure Support, Incident Responder, Auditor, and Management positions in accordance with the ND 50-05 (IAWEP) guidance. Must possess ten to fifteen (10 to 15) years of experience in the Information Systems (IS) environment.

Specific experience in

  • advanced use of forensic tools/investigations;
  • investigating advanced persistent threat (APT), hacker/breach investigations, intrusion analysis, and advanced investigative strategies;
  • advanced computer forensics methodology; in-depth Windows FAT and exFAT file system examination;
  • remote & complex forensic acquisition/analysis tactics;
  • advanced memory acquisition & analysis;
  • live response & volatile evidence collection;
  • system restore points & volume shadow copy exploitation;
  • file system timeline analysis; super timeline analysis; file system and data layer examination;
  • metadata and file name layer examination; file sorting and hash comparisons;
  • advanced file recovery;
  • discovering unknown malware on a host; recovering key Windows files;
  • indicators of compromise development & usage;
  • step-by-step methodologies to investigate intrusion cases;
  • extensive experience with Wireshark and Flow analysis tools.
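Two of the skills listed above, file system timeline analysis and file sorting with hash comparisons, are easiest to see on a concrete run. The following is an added example written for this page, not code from the posting or from AT&T: it walks a small constructed "image" directory, emits a bodyfile-style timeline of modification and access events sorted by time, and flags every file whose SHA-256 is absent from a known-good hash set (a stand-in for an NSRL-style reference set). The directory layout, file contents, timestamps, and the known-good set are all constructed here for the demo; ctime is not included because it cannot be set portably from user space.

```python
"""Added example (not part of the job posting): bodyfile-style timeline
plus known-good hash comparison over a constructed sample directory."""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Event:
    ts: float      # epoch seconds of the event
    kind: str      # 'm' = modified, 'a' = accessed (mactime convention)
    path: str      # path relative to the image root
    size: int
    sha256: str


def sha256_file(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large evidence files do not hit RAM."""
    h = hashlib.sha256()
    with open(path, 'rb') as f:
        for block in iter(lambda: f.read(chunk), b''):
            h.update(block)
    return h.hexdigest()


def build_timeline(root):
    """Walk root and emit one Event per (file, timestamp type), sorted by time.

    Ties are broken by path and then kind so the output is deterministic, which
    matters when two analysts diff their timelines against each other.
    """
    events = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            st = os.stat(p)
            digest = sha256_file(p)
            rel = os.path.relpath(p, root)
            events.append(Event(st.st_mtime, 'm', rel, st.st_size, digest))
            events.append(Event(st.st_atime, 'a', rel, st.st_size, digest))
    events.sort(key=lambda e: (e.ts, e.path, e.kind))
    return events


def unknown_files(events, known_good):
    """Hash comparison: paths whose SHA-256 is not in the known-good set.

    Everything that matches the reference set is filtered out so the analyst
    only has to look at what is left.
    """
    return sorted({e.path for e in events if e.sha256 not in known_good})


def format_timeline(events):
    """Render events as 'UTC-time kind size sha256-prefix path' lines."""
    lines = []
    for e in events:
        when = datetime.fromtimestamp(e.ts, tz=timezone.utc).strftime('%Y-%m-%d %H:%M:%S')
        lines.append(f"{when} {e.kind} {e.size:>8} {e.sha256[:12]} {e.path}")
    return lines


def make_demo_image():
    """Constructed sample image (assumption, not real evidence): three files
    with chosen mtimes; atime is set one minute after each mtime.
    Returns (root, known_good) where known_good covers the two benign files."""
    root = tempfile.mkdtemp(prefix='tl_')
    base = 1546300800  # 2019-01-01 00:00:00 UTC, picked for the demo
    files = {
        'Windows/System32/svchost.exe': (b'legit svchost bytes', base),
        'Users/alice/Desktop/notes.txt': (b'quarterly notes', base + 3600),
        'Windows/Temp/update.exe': (b'unknown dropper bytes', base + 7200),
    }
    for rel, (content, mtime) in files.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, 'wb') as f:
            f.write(content)
        os.utime(p, (mtime + 60, mtime))  # (atime, mtime)
    known_good = {
        hashlib.sha256(files['Windows/System32/svchost.exe'][0]).hexdigest(),
        hashlib.sha256(files['Users/alice/Desktop/notes.txt'][0]).hexdigest(),
    }
    return root, known_good


if __name__ == '__main__':
    root, known = make_demo_image()
    tl = build_timeline(root)
    print('\n'.join(format_timeline(tl)))
    print('not in known-good set:', unknown_files(tl, known))
```

On a real case the walk would run over a mounted read-only image rather than a temp directory, and the known-good set would be loaded from a reference hash database; the sorting and filtering logic is the same.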

Candidate should also have research and analytical skills, be able to pinpoint significant patterns related to cyber threats, and have strong organizational, presentation, and communication skills.

Candidate should be able to develop, based on their own research, IDS rules that identify exploitation of known vulnerabilities.

Education: Bachelor's in Computer Science, Information Management, or Computer Information Systems (CIS), or 10-15 years of practical experience in the IS environment. Candidate must possess the following certifications: CEH and either CISSP-ISSMP or CISM. Real-world experience in cyber incident response/reconstruction/analysis, SIEM operations/maintenance, and malware analysis is desired.

Required Clearance: U.S. Citizen; minimum TS/SCI with CI polygraph

Job ID 1843302 Date posted 11/30/2018


Similar Jobs

Cyber Threat Analyst

Mantech International Corporation

Posted 1 week ago

Entering ManTech's 50th year, we hold the distinct honor of being named a "Top 100 Global Technology Company" by Thomson Reuters. We understand that in order to hold this distinct honor, we must provide our employees with the opportunity to break through barriers. We reinvest in our employees through rich educational opportunities such as 100% paid tuition for qualifying Bachelor's and Master's degrees, rich training and certification programs allowing our employees to obtain industry-best certifications, a variety of Communities of Practice (COPs) where employees can exchange knowledge, and much more, along with a vast array of instruction and resources needed for personal and professional development through our very own ManTech University. In addition to those benefits, ManTech also has a fully dedicated Career Mobility team to provide you with guidance and assistance to continue to grow your career with ManTech.

ManTech is seeking a motivated, career- and customer-oriented Cyber Threat Analyst to join our team in Chantilly, VA to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech.

Responsibilities include, but are not limited to:

  • Conducts research, analysis, and correlation across a wide variety of all-source cyber threat data sets (indications and warning).
  • Monitors external threat data sources to maintain currency of CND threat conditions and determine which security issues may have an impact on the enterprise.
  • Researches, identifies, and verifies new cyber threat adversary tactics, techniques, and procedures (TTPs).
  • Performs detailed analysis of cyber threat adversaries and develops recommendations for countermeasures.
  • Assesses and identifies Advanced Persistent Threat (APT) activities.
  • Performs CND trend analysis and threat intelligence reporting.

Position Requirements:

  • Minimum Education: B.S. or relevant experience in a related field.
  • Minimum/General Experience: 2-4 years of related experience.
  • Experience in a Cybersecurity Operations Center environment desired.
  • Experience with COTS technologies used in a Cybersecurity Operations Center environment desired.
  • CNDSP-IR (GCIH, CSIH, or CEH) certification.
  • IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification desired.

Demonstrated technical experience:

  • Previous experience as a Cyber Threat Researcher or Cyber Intelligence Analyst.
  • Research experience in tracking cyber threat and malware campaign activity.
  • Ability to create, modify, and implement Snort, Suricata, and YARA signatures.
  • Strong understanding of operating systems and network protocols.
  • Working knowledge of database and operating system security.
  • Understanding of the latest security principles, techniques, and protocols.
  • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously, coordinating resources and ensuring scheduled goals are met.
  • Excellent verbal and written communication skills are required.
  • Ability to effectively interact with various levels of senior management is necessary.
  • Ability to make decisions and resolve problems effectively: seek out information and data to evaluate, prioritize, and formulate the best solution or practice.
  • Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.

Clearance Requirement: Must possess an active TS/SCI with a CI polygraph.

Qualifications: Requires a Bachelor's degree or equivalent and two to four years of related experience. Minimum of one year of experience in technology/tools specific to the target platforms.

Position Type: Full-Time. Shift: Day.

Overview: For more than 40 years, ManTech employees have been solving complex problems for the national security community. We are comprised of approximately 10,000 talented employees around the world. We adhere to the simple, no-nonsense values on which ManTech was founded more than four decades ago, aligning squarely with the mission objectives of our customers. As our customer base continues to expand and diversify, we continue to diversify our workforce and solutions. Half our employees have a military background, and more than 70 percent hold a government security clearance. As a leading provider of innovative technology services and solutions for the nation's defense, security, space, and intelligence communities, we hold nearly 1,000 active contracts with more than 40 different government agencies.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Service Medal Veteran, or any other characteristic protected by law. If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer; minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access the online applicant system as a result of your disability. To request an accommodation, please click the link and provide your name and contact information.
