Cyber Security Analyst - 1

Cyber Security Analyst - 1

Newberry Group is seeking a Cyber Security Analyst supporting the DISA PAC 24/7 Cyber Network Defense (CND) operation. This position does require the ability to work rotating shifts.

Job Description

Monitor the integrity and security of host and network-based systems at the enterprise level as part of a tier-2 Cyber Defense Service Provider (CDSP). Coordinate resources during enterprise incident response efforts. Employ advanced forensic tools and techniques for attack reconstruction. Support internal investigations as forensic SME. Perform network traffic analysis as it pertains to the cyber security of communications networks. Review threat data and develops custom signatures for Open Source IDS or other custom detection capabilities. Correlate actionable security events from various sources. Understand attack signatures, tactics, techniques and procedures associated with advanced threats. Develop analytical products fusing enterprise and all-source intelligence. May conduct malware analysis of attacker tools and reverse engineer attacker encoding protocols.

Primary Responsibilities

Member of the Network Assurance (NA) Team (DISA GSM-O program).

Lead/support NA Activities for DISA PAC customers within the USPACOM Area of Responsibility (AOR).

Work closely with Govt System Control Officers to provide guidance within the CDSP AOR.

Provide CND reports, trends, responses, mitigations, analysis & information dissemination.

Provide C2 support, situational awareness support, and provide leadership & support for all CND applicable activities within Protect, Detect, Respond, and Sustain.

Support teams within a performance-based environment with pre-determined Acceptable Levels of Performance (ALP’s).

Support the development, documentation and tracking of measurements & metrics relevant to the ALP’s.

Interface with Govt counterparts, both CONUS & OCONUS, along with Leidos and sub team members.

Work as a technical leader within the CDSP Team, responsible for maintaining the integrity & security of enterprise-wide systems & networks.

Provide technical leadership to CND Teams supporting security initiatives through predictive & reactive analysis, and by articulating emerging trends to leadership & staff.

Perform network traffic analysis utilizing raw packet data, net flow data, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks

Correlate actionable security events from various sources, including Security Information Management System (SIMS) data & develop unique correlation techniques

Utilize knowledge of attack signatures, tactics, techniques and procedures to aid in the detection of Zero-Day attacks

Interface with external entities including law enforcement, intelligence community & other government agencies

Provide limited analysis of incidents for CDSP customers by determining the incidents‘ nature, and formulating responses as well as recommended mitigating actions; identifying & providing the ability to surge during emergencies; correlating event & incident data; determining possible effects on the DISN, customer networks & other organizations.

Review threat data from various sources & aid in the development of custom signatures for Open Source & COTS IDSes.

Basic Qualifications

BS and 4+ years of prior relevant experience (experience may be substituted in lieu of a degree).

Must be have the ability to work a rotating shift schedule.

Must have active Top Secret Clearance with ability to obtain TS/SCI.

Must hold DoD-8570 IAT Level 2 baseline certification (Security+ CE, CISSP or equivalent).

Must have experience supporting and/or leading CND or related teams.

Must have experience working CND duties (e.g., Protect, Defend, Respond, and Sustain).

Must have experience working with DoD / Government Leaders at all levels.

Must have strong communication skills (both written and verbal).

Must have a strong understanding of basic computer networking concepts, including the TCP/IP protocol, TCP ports, the HTTP protocol, the SMTP protocol, IP subnets, and DNS.

Preferred Qualifications

IAM Level III Certification (GSLC, CISM, CISSP).

At least one other IA certification completed, i.e., SSCP, CSIH, GCIA, GCIH or CEH.

Linux Administrative skills.

Command Line Scripting skills (PERL, Python, BASH shell scripting) to automate analysis tasks.

Knowledge of hacker tactics, techniques and procedures (TTP).

Be able to conduct malware analysis.

Demonstrated hands on experience with various static and dynamic malware analysis tools.

Knowledge of advanced threat actor tactics, techniques and procedures (TTP)

Understanding of software exploits.

Ability to analyze packed and obfuscated code.

Comprehensive understanding of common Windows APIs and ability to analyze shellcode.

Familiarity with Snort and Yara malware detection logic.

Experience working with various network and host-based IDS and IPSes, including Sourcefire, McAfee ESM, and FireEye CMS.

Experience manipulating data using various SIMs, such as ArcSight and Splunk.

A comprehensive understanding of the Lockheed Martin Cyber Kill Chain.