Cyber Defense Analyst

CACI International, Suitland, MD
1d

About The Position

CACI is seeking a skilled and experienced Cyber Defense Analyst (Level 2) to join our dynamic team to support a DoD client in Suitland, MD. The ideal candidate will possess a robust background in Computer Network Defense (CND), with a proven track record in monitoring, investigating, and responding to cybersecurity threats. This role requires a proactive individual with strong analytical skills, excellent communication abilities, and a comprehensive understanding of IT systems and networks.

Requirements

  • BA/BS in Computer Science, Information Technology, Information Assurance, or a related field is desired.
  • TS/SCI Clearance
  • Alternatively, 8+ years of relevant professional experience in CND or related fields.
  • Must have 5+ years of concentrated experience in CND.
  • 3+ years of professional experience in monitoring and investigating alerts from cybersecurity tools.
  • Effective interpersonal, organizational, time management, writing/documentation, and briefing skills with strong attention to detail.
  • Strong analytical, conceptual, and problem-solving skills.
  • Proven ability to communicate effectively and develop/present presentations.
  • Ability to think outside the box by utilizing IT knowledge and cybersecurity tool output to discover instances of malicious activity.
  • Proven ability to prioritize, execute, and complete tasks with little to no direction in a high-pressure environment.
  • Moderate experience utilizing Federal, DoD, IC, and industry standards.
  • Moderate experience in the development and implementation of CND TTPs.
  • Moderate experience in the operational use of NIDPS (e.g., Cisco FirePower, Palo Alto NGFW) and host-based intrusion detection/prevention systems (e.g., Trellix ePO, Microsoft Defender, Tanium).
  • Moderate experience in the operational use of SIEM systems (e.g., Splunk, Elastic).
  • Moderate knowledge of policies and processes related to CND execution.
  • Moderate knowledge of incident management lifecycle processes.
  • Moderate knowledge of network security architecture concepts, including topology, protocols, and components.
  • Knowledge of common adversary TTPs in assigned areas of responsibility.
  • Moderate knowledge of common enterprise services such as domain controllers, print, email, DNS, and web servers.
  • Knowledge of network traffic packet captures with capabilities such as WireShark or NIKSUN.
  • Moderate knowledge in identifying and classifying attack vectors, malware detection and analysis, IDS/IPS rule/signature writing, and countermeasure development.
  • Moderate knowledge of firewall rules and routing rules.
  • Moderate knowledge of scripting and coding languages (e.g., Python, Perl, Ruby, JavaScript

Responsibilities

  • Monitor and investigate alerts from cybersecurity tools to identify potential threats and malicious activities.
  • Utilize Network Intrusion Detection/Prevention Systems (NIDPS) and Security Information and Event Management (SIEM) systems to analyze network traffic and detect anomalies.
  • Develop and implement computer network defense tactics, techniques, and procedures (TTPs).
  • Create and maintain "best practices," manuals, and standard operating procedures in alignment with Federal, DoD, IC, and industry standards.
  • Participate in incident management lifecycle processes, including identification, categorization, eradication, response, recovery, and mitigation of cybersecurity incidents and breaches.
  • Conduct penetration testing and Red Teaming activities to assess and enhance the security posture of the organization.
  • Perform malware detection and analysis, IDS/IPS rule/signature writing, and countermeasure development.
  • Utilize scripting and coding languages to automate tasks and enhance security measures.
  • Collaborate with cross-functional teams to ensure the integrity and security of IT systems and networks.
  • Provide briefings, write reports, and disseminate intelligence related to cybersecurity threats and incidents.

Benefits

  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
  • We offer competitive compensation, benefits and learning and development opportunities.
  • Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
  • At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.