Cyber Security Technician

About The Position

Requirements

• Top Secret with SCI clearance.
• 2 to 5 years of experience with a BS/BA or 0 to 2 years with MS/MA/MBA or 8 to 10 years with no degree.
• Bachelor's degree in Computer Science, Information Systems, or equivalent education or work experience.
• Must have a current DoD 8570.1-M IAT Level II certification.

Nice To Haves

• Desired Certifications: CEH, GCIH, GCIA, GCFA.
• 1+ years in a SOC or Incident Response role.
• Experience with Cisco Firepower, Cisco Sourcefire, Cisco Advanced Malware Protection, Cisco Stealthwatch, Cisco Umbrella.
• Experience with deploying and writing signatures (Snort, YARA, HIPS).
• Experience with network hunting utilizing Zeek/Bro.
• Experience with McAfee ePO, HBSS.
• Experience with Splunk: Create log searches, dashboards, setting up alerts, and scheduled reports.
• Experience with ArcSight.
• Experience with Wireshark and packet analysis.
• Experience with Tanium or other endpoint solutions.
• Working knowledge of scripting languages such as Python, PowerShell, Shell.
• Knowledge of Regular Expressions.
• Knowledge of server and client operating systems.
• Participate in development and reporting of security metrics.

Responsibilities

• Support a government Cyber Security Operation Center (CSOC) and conduct security event monitoring, advanced analytics, and response activities in support of the CND operational mission.
• Perform technical analysis on a wide range of cybersecurity issues, focusing on network activity, host activity, and data.
• Triage IDS/IPS alerts, collect related data from various systems, and review open and closed source information on related threats & vulnerabilities.
• Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions.
• Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies.
• Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics.
• Document key event details and analytic findings in analysis reports and incident management systems.
• Identify, extract and characterize network indicators from cyber threat intelligence sources.
• Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability.
• Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy.
• Develop IDS/IPS signatures, test and tune signature syntax, deploy signatures to operational sensors.
• Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise.
• Develop security metrics and trend analysis reports.

Benefits

• 401K plan with company match.
• Medical, dental, vision, life insurance, AD&D.
• Flexible spending account.
• Disability.
• Paid time off.
• Flexible work schedule.
• Support for career advancement through professional training and development.