
Cyber Threat Analyst, Sr. (Grimlock)

Chantilly, VA
Job Description: Plan and investigate cyber incidents, including establishing cyber incident cases. Set up a response plan with procedures. Coordinate with I&W on incident prevention; preventing incidents is especially important in order to reduce the seriousness of any cyber incident that does occur.
Incident management: detect potential and actual issues; contain the event, especially when it involves malware installed on servers; remediate, including eradication of malware; and recover from the event, restoring systems to full functionality. Perform computer security incident response activities for a large organization, and coordinate with other government agencies to record and report incidents. Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation. Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information. Communicate alerts to agencies regarding intrusions and compromises of their network infrastructure, applications, and operating systems. Assist with implementation of countermeasures or mitigating controls. Ensure the integrity and protection of networks, systems, and applications through technical enforcement of organizational security policies, including monitoring of vulnerability scanning devices. Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external Web integrity scans, to determine compliance. Prepare incident reports describing analysis methodology and results. Provide guidance and work leadership to less-experienced technical staff members. Maintain current knowledge of relevant technology. Participate in special projects as required.
Prerequisites / Qualifications: Must be able to satisfy requirements for Computer Network Defense (CND) Analyst, Infrastructure Support, Incident Responder, and Auditor positions in accordance with ND 50-05 (IAWEP) guidance. Must possess at least five (5) years' experience in the Information Systems (IS) environment.
Specific experience in:
  • advanced use of forensic tools/investigations;
  • investigating advanced persistent threat (APT), hacker/breach investigations, intrusion analysis, and advanced investigative strategies; advanced computer forensics methodology;
  • in-depth Windows FAT and exFAT file system examination;
  • remote & complex forensic acquisition/analysis tactics;
  • advanced memory acquisition & analysis;
  • live response & volatile evidence collection;
  • system restore points & volume shadow copy exploitation; file system timeline analysis; super timeline analysis;
  • file system and data layer examination;
  • metadata and file name layer examination;
  • file sorting and hash comparisons; advanced file recovery;
  • discovering unknown malware on a host; recovering key Windows files;
  • indicators of compromise development and usage; step-by-step methodologies to investigate intrusion cases;
  • extensive experience with Wireshark and flow analysis tools.

Education: Bachelor's in Computer Science, Information Management, or Computer Information Systems (CIS), or five (5) years of practical experience in the IS environment. Candidate must possess the following certification: CEH. Real-world experience in cyber incident response/reconstruction/analysis, SIEM operations/maintenance, and malware analysis is desired.
Required Clearance: U.S. citizen; minimum TS//SCI and CI Poly

Posted: 2018-09-24 Expires: 2018-12-13

Employer: AT&T, Chantilly, VA