Cyber Threat Analyst, Principal (Grimlock)

At&T Chantilly , VA 22022

Posted 2 months ago

Plan and investigate cyber incidents including establishing cyber incident cases: Set up a response plan with procedures. Focus and coordinate with I&W to focus on incident prevention. Incident prevention is especially important in order to reduce the seriousness of a cyber incident.

Incident management: detect potential/actual issues; contain the event, especially when related to malware installed on servers; remediate including eradication of malware; recover from the event and restore systems to full functionality; perform computer security incident response activities for a large organization, coordinate with other government agencies to record and report incidents. Monitor & analyze Intrusion Detection Systems (IDS) to identify security issues for remediation. Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information. Communicate alerts to agencies regarding intrusions and compromises to their network infrastructure, applications & operating systems. Assist with implementation of counter-measures or mitigating controls. Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices. Perform periodic and on-demand system audits and vulnerability assessments including user accounts, application access, file system and external Web integrity scans to determine compliance. Prepare incident report of analysis methodology and results. Prepare incident reports of analysis methodology and results. Provide guidance and work leadership to less-experienced technical staff members. Maintain current knowledge of relevant technology. Participate in special projects as required.

Prerequisites: / Qualifications:
Must be able to satisfy requirements for Computer Network Defense (CND) Analyst, Infrastructure Support, Incident Responder, Auditor, and Management positions in accordance with the ND 50-05 (IAWEP) guidance. Must possess ten to fifteen (10 to 15) years of experience in the Information Systems (IS) environment.

Specific experience in

  • advanced use of forensic tools/investigations;
  • investigating advanced persistent threat (APT), hacker/breach investigations, intrusion analysis, and advanced investigative strategies;
  • advanced computer forensics methodology; in-depth Windows FAT and exFAT file system examination;
  • remote & complex forensic acquisition/analysis tactics;
  • advanced memory acquisition & analysis;
  • live response & volatile evidence collection;
  • system restore points & volume shadow copy exploitation;
  • file system timeline analysis; super timeline analysis; file system and data layer examination;
  • metadata and file name layer examination; file sorting and hash comparisons;
  • advance file recovery;
  • discovering unknown malware on a host; recovering key windows files;
  • indicators of compromise development & usage;
  • step-by-step methodologies to investigate intrusion cases;
  • extensive experience with Wireshark and Flow analysis tools.

Candidate should also have research and analytical skills and be able to pinpoint significant patterns related to cyber threats, strong organizational, presentation and communication skills.

Candidate should be able to provide rule to IDS developed based on research to identify vulnerabilities being exploited.

Education: Bachelors in Computer Science (Information Management, Computer Information Systems (CIS), or 10-15 years of practical experience in the IS environment. Candidate must possess the following certifications: CEH and CISSP-ISSMP or CISM. Real-world experience in cyber incident response/reconstruction/analysis, SIEM operations/maintenance, and malware analysis is desired.

Required Clearance: U. S. Citizen; minimum TS//SCI and CI Poly

Job ID 1843302 Date posted 11/02/2018

See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Principal Cyber Network Defense Analyst Ts/Sci With Poly Reqd

General Dynamics Information Technology

Posted 2 days ago

VIEW JOBS 11/17/2018 12:00:00 AM 2019-02-15T00:00 We are seeking an individual with a broad base of experience in Information Technologies and Cybersecurity, and the desire and drive to make a difference. As a Computer Network Defense (CND) Analyst you will be responsible for monitoring an extensive array of networks to detect suspicious and malicious activity that could jeopardize the health of information systems. Our Analysts are responsible for reviewing logs from various security tools and network traffic analyzers. You must be able to research, compile information and prepare computer security incident reports based on events, incidents and intrusions that are detected. You will work closely with Incident Response Analysts, Infrastructure Engineers and System Administrators to ensure proper handling and mitigation of all activity detected. Key Responsibilities: * Constant monitoring of intrusion detection systems using SEIM tools * Creation of technical incident response reports based on intrusions and events * Provides assistance in computer incident investigations * Perform independent research and analysis of security threats * Coordinate with other teams to analyze, investigate and remediate detected incidents * Analyze and evaluate anomalous network and system activity * Recommend modifications to security tools to better detect, prevent, and mitigate intrusions * Knowledge of computer network defense and vulnerability assessment tools, including open source tools, and their capabilities * Knowledge of defense-in-depth principles and network security architecture * Skill in collecting data from a variety of computer network defense resources * Strong ability to work independently and as part of a cohesive and collaborative team * Knowledge and understanding of networking, network layers, protocols, devices and multiple operating systems * The ability to utilize critical thinking, to think outside of the box, and to communicate clearly while under pressure * Participates in special projects as required. Education: Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience. Qualifications: 8-10 years of related experience in data security administration. * The successful candidate must have excellent verbal and written communication skills and strong work ethic * He/she must have several years' experience with and be able to analyze Intrusion Detection Systems (IDS) to identify security issues for remediation; evaluate firewall change requests and assess organizational risk * The CND Monitoring & Incident Response Analyst performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction * She/he receives data about and performs further analysis on Events of Interest to include Suspicious Cyber Activity Reports (SCARS). * Develops; refines; and performs advanced analysis techniques to uncover new or potential incidents * Analysis techniques may be refined into training and process improvements that are promulgated back to the CND Watch for sustained operations * Performs in-depth analysis techniques to uncover new or potential incidents and recommends defensive and proactive measures to thwart potential and malicious activity or inappropriate use by any internal or external entity to include: conducting malicious code activity analysis; determining the effects on a system or the network; assisting in gathering potential evidence for law enforcement; etc. * She/he prepares incident reports of analysis methodology and results. Because of the sensitive nature of the work being done for this government client, all candidates must hold a TS/SCI with Polygraph. Required Certifications: Employment is contingent upon having the required certifications at start of employment and upon keeping required certifications current. * DoD 8570 IAT Level 2 * One of the following: Security+CE; GSEC, SSCP; CCNA-Security; CISA; GCIH; GCED; CISSP; or CASP CE. * CNDSP Analyst certification: * One of the following: CEH*, GCIA; or GCIH. Position requires shift work: Panama 12-Hour Shift Schedule Example. (This is the schedule we follow today but is subject to change based on Government Requirements) SCHEDULE (ROTATION BETWEEN SHIFTS TAKES PLACE EVERY TWO MONTHS) MON TUE WED THU FRI SAT SUN MON TUE WED THU FRI SAT SUN MON WORK WORK OFF OFF WORK WORK WORK OFF OFF WORK WORK OFF OFF OFF * In some circumstances; Certified Ethical Hacker (CEH) training will be provided to cover the CNDSP Analyst certification requirement. If selected; certification must be obtained 30 days after training completion date. As part of your role/function on the program, you will be granted privileged user access. Privileged Users are subject to greater scrutiny as a direct result of the significant responsibilities placed upon them. Please be aware that because of these critical duties, you will be subject to additional IT system monitoring, and supervisory evaluation to ensure continuous adherence to Privileged User processes and procedures. Privileged Users are subject to a zero tolerance policy for security violations. Benefits of this Position: * Opportunity for Fast Growth within the program * Professional Development Assistance – Covering the Cost of Obtaining Professional & Technical Certifications (depending on program) * Educational Reimbursement – toward degree programs and individual coursework * 401K Match – with 100% vesting on day one * Health, Dental and Vision Coverage to keep you healthy, starting your first day * We know work-life balance is important, GDIT offers Paid Time Off, Plus 10 Paid Holidays * Parking and transit commuter benefits Why Work at General Dynamics IT? * Work with top talent and some of the brightest minds in your field * Support missions that make a difference to our Nation * Become part of an organization that that is committed to the highest ethical standards in all that we do * Thrive in the stability of a large organization, with the ability to move onto new opportunities, supporting different missions, building your career within GDIT * Want to move, or find a job close to home? We have positions in several locations in the United States and the world * Enjoy a culture that supports work-life balance General Dynamics is a Fortune Blue Ribbon Company and Clearance Jobs Top 10 Government Contractor. #ISDCJ #DPOST #ZRPOST As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities. General Dynamics Information Technology Chantilly VA

Cyber Threat Analyst, Principal (Grimlock)