Cyber Defense Analyst (Threat Hunt)

ASRC Federal, Quantico, VA
Hybrid

About The Position

ASRC Federal is seeking a highly skilled and experienced Cyber Defense Analyst (Threat Hunter) to join our dynamic team. The successful candidate will perform robust network security monitoring and proactively identify potential threats across our enterprise infrastructure. This role is critical for defending mission systems, conducting in-depth traffic and vulnerability analysis, and maintaining a strong security posture in support of Department of Defense (DoD) missions.

This position will support our DCSA Contract based in Quantico, VA. Remote flexibility available! Telework offered with a requirement to be onsite up to two (2) days a week at Quantico Marine Corps Base, VA.

The Cyber Defense Analyst (Threat Hunter) is a vital role responsible for performing comprehensive network security monitoring and proactive threat hunting. This position focuses on safeguarding the network through continuous traffic analysis, vulnerability and wireless scanning, and leveraging enterprise tools such as Splunk, CrowdStrike, and Endpoint Security Suite (ESS). The Analyst will collaborate with cross-functional IT and security teams to implement Information Assurance Vulnerability Management (IAVM) programs, manage Network Access Control, provide insider threat support, monitor data at rest, and review web content filtering. Additional duties may include the maintenance and upkeep of various cybersecurity applications and tools installed on servers and workstations to maintain high operational readiness.

Requirements

  • At least two (2) years of hands-on technical cybersecurity experience and knowledge of Computer Network Defense concepts, DISA Security Technical Implementation Guides (STIGs), the DoD A&A process, NIST SP 800-53, NIST SP 800-61, CJCSM 6510.01B, United States Cyber Command guidelines, and other applicable DoD Cyber Security and Computer Network Defense policies.
  • Active Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI.
  • Bachelor's degree in Information Technology, Information Systems Management, Cybersecurity, or equivalent experience required. Relevant military experience may be considered in lieu of a degree.
  • Must meet DoD 8570 certification requirements at the time of hire. IAT Level II (e.g., CCNA Security, CySA+, GICSP, GSEC, Security+, SSCP) or a CSSP Auditor certification (CEH, CISA, GSNA) is preferred.
  • Experience analyzing network traffic logs, firewall logs, IDS logs, DNS logs, and ESS data to identify possible security threats (e.g., rogue systems, infected systems, unauthorized system changes, and unauthorized hardware connections).
  • Ability to identify internet access violations by reviewing web content filtering logs in accordance with DoD policy and Standard Operating Procedures (SOPs).
  • Experience processing and handling JFHQ-DODIN cyber-related tasks to completion.
  • Performance of threat hunting activities using DoD approved cyber tools through data hunting, manipulation, and presentation, including generating queries and reports for management and the end-customer.
  • Validating and confirming critical security events and assessing the impact of each event by incorporating data from multiple tool sources.
  • Identifying evidence of illegal activity involving cybercrime offenses and examining computers that may have been involved in other types of crime or malware infection.
  • Using forensic tools and investigative methods to locate specific electronic data, particularly in support of complex malware analysis.
  • Experience developing and maintaining SOPs for security monitoring.
  • Experience providing daily/weekly/monthly reports to senior leadership on key indicators of network security.

Nice To Haves

  • IAT Level II (e.g., CCNA Security, CySA+, GICSP, GSEC, Security+, SSCP) or a CSSP Auditor certification (CEH, CISA, GSNA) is preferred.

Responsibilities

  • Perform robust network security monitoring and proactively identify potential threats across our enterprise infrastructure.
  • Defend mission systems.
  • Conduct in-depth traffic and vulnerability analysis.
  • Maintain a strong security posture in support of Department of Defense (DoD) missions.
  • Perform comprehensive network security monitoring and proactive threat hunting.
  • Safeguard the network through continuous traffic analysis, vulnerability and wireless scanning, and leveraging enterprise tools such as Splunk, CrowdStrike, and Endpoint Security Suite (ESS).
  • Collaborate with cross-functional IT and security teams to implement Information Assurance Vulnerability Management (IAVM) programs.
  • Manage Network Access Control.
  • Provide insider threat support.
  • Monitor data at rest.
  • Review web content filtering.
  • Maintain and upkeep various cybersecurity applications and tools installed on servers and workstations to maintain high operational readiness.
  • Analyze network traffic logs, firewall logs, IDS logs, DNS logs, and ESS data to identify possible security threats (e.g., rogue systems, infected systems, unauthorized system changes, and unauthorized hardware connections).
  • Identify internet access violations by reviewing web content filtering logs in accordance with DoD policy and Standard Operating Procedures (SOPs).
  • Process and handle JFHQ-DODIN cyber-related tasks to completion.
  • Perform threat hunting activities using DoD approved cyber tools through data hunting, manipulation, and presentation, including generating queries and reports for management and the end-customer.
  • Validate and confirm critical security events and assess the impact of each event by incorporating data from multiple tool sources.
  • Identify evidence of illegal activity involving cybercrime offenses and examine computers that may have been involved in other types of crime or malware infection.
  • Use forensic tools and investigative methods to locate specific electronic data, particularly in support of complex malware analysis.
  • Develop and maintain SOPs for security monitoring.
  • Provide daily/weekly/monthly reports to senior leadership on key indicators of network security.

Benefits

  • Health care
  • Dental
  • Vision
  • Life insurance
  • 401(k)
  • Education assistance
  • Paid time off
  • Holidays
  • Any other paid leave required by law