Cyber Hunt & Incident Response Analyst – Arlington, VA

• Perform analysis on hosts running on a variety of platforms and operating systems, including but not limited to Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.

• Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, the SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of the Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.

• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.

• Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.

• Track and document CND hunts and incidents from initial detection through final resolution.

• Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.

• Perform forensically sound collection of images and inspect them to discern possible mitigation/remediation on enterprise systems.

• Perform real-time CND hunt and incident handling tasks (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Hunt and Incident Response Teams (IRTs).

• Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.

• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.

• Utilize data analytics tools including Splunk to make sense of machine data in performing responsibilities.

• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.

• May be required to travel up to 25% of the time.

Minimum Qualifications:

• Bachelor’s degree in a technical discipline with a minimum of 3 years related technical

• Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.

• Familiar with network analytics, including NetFlow/PCAP analysis.

• Understanding of cyber forensics concepts, including malware, hunt, etc.

• Understanding of how both Windows and Linux systems are compromised.
