Cyber Defense Analyst (Threat Hunt)

ASRC Federal•Quantico, VA

3d•Hybrid

About The Position

ASRC Federal is seeking a highly skilled and experienced Cyber Defense Analyst (Threat Hunter) to join our dynamic team. The successful candidate will perform robust network security monitoring and proactively identify potential threats across our enterprise infrastructure. This role is critical for defending mission systems, conducting in-depth traffic and vulnerability analysis, and maintaining a strong security posture in support of Department of Defense (DoD) missions. This position will support our DCSA Contract based in Quantico VA. Remote flexibility available! Telework offered with a requirement to be onsite up to two (2) days a week at Quantico Marine Corps Base VA.

Requirements

At least two (2) Years – Hands-on technical cybersecurity experience and knowledge of Computer Network Defense concepts, DISA Security Technical Information Implementation Guides, DoD A&A Process, NIST SP 800-53, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD Cyber Security and Computer Network Defense policies.
Active Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI.
Bachelor's degree in Information Technology, Information Systems Management, Cybersecurity, or equivalent experience required.
Relevant military experience may be considered in lieu of a degree.
Must meet 8570 certification requirements at the time of hire.
Experience analyzing log files from network traffic logs, firewall logs, IDS logs, DNS logs and ESS to identify possible security threats (e.g., determine rogue systems, infected systems, unauthorized system changes, and unauthorized hardware connections).
Ability to identify violations of internet access by reviewing web content filtering logs in accordance with DoD policy, and Standard Operating Procedures (SOPs).
Experience in processing and handling JFHQ DODIN Cyber related tasks to completion.
Performance of threat hunting activities using DoD approved cyber tools through data hunting, manipulation, and presentation, including generating queries and reports for management and the end-customer.
Validation and confirmation of critical security events and assessing the impact of the event, by incorporating data from multiple tool sources.
Identifying evidence of illegal activity involving cybercrime offenses and examining computers that may have been involved in other types of crime or malware infection.
Use of forensic tools and investigative methods to find specific electronic data, namely associated with performing complex malware analysis.
Experience developing and maintaining SOPs for security monitoring.
Provide daily/weekly/monthly reports to senior leadership on key indicators of network security.

Nice To Haves

IAT Level II (e.g., CCNA Security, CySA +, GICSP, GSEC, Security+, SSSP or a CSSP Auditor Certification CEH, CISA, GSNA is preferred).

Responsibilities

Performing comprehensive network security monitoring and proactive threat hunting.
Safeguarding the network through continuous traffic analysis, vulnerability and wireless scanning.
Leveraging enterprise tools such as Splunk, CrowdStrike, and Endpoint Security Suite (ESS).
Collaborating with cross-functional IT and security teams to implement Information Assurance Vulnerability Management (IAVM) programs.
Managing Network Access control.
Providing insider threat support.
Monitoring data at rest.
Reviewing web content filtering.
Maintaining and upkeep of various cybersecurity applications and tools installed on servers and workstations to maintain high operational readiness.
Analyzing log files from network traffic logs, firewall logs, IDS logs, DNS logs and ESS to identify possible security threats (e.g., determine rogue systems, infected systems, unauthorized system changes, and unauthorized hardware connections).
Identifying violations of internet access by reviewing web content filtering logs in accordance with DoD policy, and Standard Operating Procedures (SOPs).
Processing and handling JFHQ DODIN Cyber related tasks to completion.
Performing threat hunting activities using DoD approved cyber tools through data hunting, manipulation, and presentation, including generating queries and reports for management and the end-customer.
Validating and confirming critical security events and assessing the impact of the event, by incorporating data from multiple tool sources.
Identifying evidence of illegal activity involving cybercrime offenses and examining computers that may have been involved in other types of crime or malware infection.
Using forensic tools and investigative methods to find specific electronic data, namely associated with performing complex malware analysis.
Developing and maintaining SOPs for security monitoring.
Providing daily/weekly/monthly reports to senior leadership on key indicators of network security.