• Perform analysis on hosts running a variety of platforms and operating systems, including, but not limited to, Microsoft Windows, macOS, UNIX, Linux, embedded systems, and mainframes.
• Monitor open-source channels (e.g., vendor sites, Computer Emergency Response Teams (CERTs), the SANS Institute, SecurityFocus) to maintain a current understanding of the Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
• Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro (now Zeek) while performing cyber incident response analysis.
• Track and document CND hunts and incidents from initial detection through final resolution.
• Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use the discovered data to enable mitigation of CND hunt findings and incidents within the enterprise.
• Perform forensically sound collection of images and inspect them to determine possible mitigation/remediation on enterprise systems.
• Perform real-time CND hunt and incident handling tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Hunt and Incident Response Teams (IRTs).
• Write and publish CND guidance and reports (e.g., engagement reports) on incident findings to the appropriate constituencies.
• Receive and analyze network alerts from various sources within the enterprise and determine the possible causes of those alerts.
• Use data analytics tools, including Splunk, to make sense of machine data in the course of these responsibilities.
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
• May be required to travel up to 25% of the time.

Minimum Qualifications:
• Bachelor's degree in a technical discipline with a minimum of 3 years related technical
• Active Top Secret security clearance with the ability to obtain a TS/SCI is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (Entry on Duty, EOD) for continued employment.
• Familiarity with network analytics, including NetFlow and PCAP analysis.
• Understanding of cyber forensics concepts, including malware analysis and threat hunting.
• Understanding of how both Windows and Linux systems are compromised.