CYBER THREAT ANALYST (TCP/IP)

About The Position

Requirements

• Possess an active TS/SCI with Polygraph security clearance
• Bachelor’s Degree in computer science, information systems, network forensics or other data analysis roles.
• Seven (7+) years’ experience working in the areas of intelligence, information security, network forensics, insider threat or security operations.
• Experience with XKS creating general queries, fingerprinting, and identifying atypical events.
• Experience with Elastic/Splunk/ or other Security Information and Event Management (SIEM) experience creating visualizations and dashboards.
• Understanding of TCP/IP communication protocols and packet flows based on IP traffic; analysis of Packet Capture (PCAP) traffic in Wireshark
• Familiarity writing signatures in Zeek and/or Snort
• Strong understanding of common attack vectors and network defense strategies.

Responsibilities

• Provide advanced network protocol analysis and security expertise.
• Lead deep-dive analysis of complex network traffic to assess the capabilities and activities of cyber criminals.
• Deliver actionable insights to stakeholders with the common goal to prevent and eradicate threats to critical U.S. systems.
• Understand data in various formats to extract and enrich information to enhance its value.
• Design and implement advanced network monitoring and detection strategies.
• Collaborate with development teams and articulate requirements/enhancements for capabilities, tools and strategies.
• Document findings and create detailed reports to ensure tradecraft is continually updated.
• Present results to technical and non-technical stakeholders.