Cyber Threat Security Analyst, Principal
CYBER THREAT ANALYST - PRINCIPAL
Candidate MUST HAVE a TS/SCI with Polygraph security clearance in order to be considered.
The contract provides Computer Network Defense and Analysis (CND) to the customer’ s network. Because the customer allows their user community to access their personal email accounts while on site, there is a lot of spam hitting their network regularly. This contract is responsible for the 24 x 7 x 365 protection of the customer’ s network from maliciously intended viruses and attacks on their network. As part of this they are looking for two Intrusion Detection Systems (IDS) Cyber Security Analysts to come and join their team.
Threat Intelligence Analyst that will be responsible for researching and providing insight and intelligence on new and existing cyber threats. The candidate will be part of a small team that is working to identify adversary attempts to compromise the customer' s network. The candidate will also support the program' s engineering team and other security analysts with their providing expert analysis and insight into attack campaigns and threats to better inform engineering and design decisions.
- Leads efforts for conducting research, analysis, and correlation across a wide variety of all source cyber threat data sets (indications and warning).
- Leads efforts for monitoring external threat data sources to maintain currency of CND threat conditions and determine which security issues may have an impact on the enterprise.
- Researches, identifies, and verifies new cyber threat adversary tools, tactics, and processes (TTPs).
- Performs detailed analysis of cyber threat adversary and develops recommendations for countermeasures.
- Assesses and identifies Advanced Persistent Threat (APT) activities.
- Leads focused cyber threat operations to include documentation planning support and execution.
- Leads efforts for CND trend analysis and threat intelligence reporting.
- Develops and documents guidance, processes, and procedures for resource planning, operations, and analysis of cyber threat data.
- Contributes to the completion of milestones associated with specific projects.
- Provides solutions to a variety of complex technical problems.
- Plans and conducts assignments, generally involving the larger and more important projects or more than one project.
- May be considered a Lead.
- A bachelor’ s degree
- Minimum of 7+ years of progressively responsible experience in cyber security analysis, incident response, or related experience.
- 3 years' experience in technology/tools specific to the target platforms.
- 8570-compliant IAT Level I or CND-A
- Previous experience as Threat Researcher and/or Intelligence Analyst
- Research experience in tracking cyber threat and malware campaign activity
- Tool agnostic ability to conduct preliminary malware analysis.
- Ability to create, modify, and implement both Snort and YARA signatures.
- Prior experience in network forensics with an emphasis on detecting malicious activity using network traffic
- Strong understanding of Operating Systems and Network Protocols
- Strong scripting and task automation skills
- Experience doing dynamic malware analysis
- Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
- Piece together intrusion campaigns, threat actors, and nation-state organizations
- Manage, share, and receive intelligence on APT adversary groups
- Generate intelligence from their own data sources and share it accordingly
- Identify, extract, and leverage intelligence from APT intrusions
- Expand upon existing intelligence to build profiles of adversary groups
- Leverage intelligence to better defend against and respond to future intrusions.
- Develop and produce reports on all activities and incidents to help maintain day to day status, develop and report on trends, and provide focus and situational awareness on all issues.
- Reports shall be produced on a daily, weekly monthly, and quarterly basis capturing and highlighting status, preparedness, and significant issues.
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.
Job Type: Full Time