Defensive Counter Cyber - DCC

About The Position

Requirements

• DoDD 8570.01‐M/8140.01 IAT Level III CND
• Active TS/SCI
• More than 5 years of experience with extensive knowledge of operating systems fundamentals.
• BA/BS or MA/MS
• More than five (5) years of experience with extensive knowledge of Operating systems fundamentals (Windows and/or Unix/Linux), System administration (Windows and/or Unix/Linux), Network traffic analysis, Penetration testing, Network security, Incident response & Incident response handling, Computer and network forensics, Vulnerability and malware analysis.
• Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e‐mail, domain controller, file server, Active Directory) and analysis of their logs
• Extensive knowledge of digital evidence collection, handling and security
• Experience with computer incident response and analysis and report dissemination
• Extensive knowledge and experience with network packet capture and analysis software such as WireShark (Ethereal) and Snort
• Experience with standard DoD network topology and DMZ boundary protection
• Experience with system analysis software (i.e. EnCase/EnCase Enterprise or FTK), software coding and debugging, and the virtual machine (VM) environment.
• Expert knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)

Responsibilities

• Perform threat hunting for suspicious activity based on anomalous activity and indicators of compromise from various intelligence sources and toolsets.
• Comply with 3rd party MOU/MOA monitoring and reporting requirements.
• Identify intrusions and vulnerabilities and recommend mitigation strategies and techniques to secure networks.
• Identify, analyze and develop defensive counter cyber measures to thwart advanced persistent threats and intrusions of AF networks, domains and enclaves.
• Conduct and support Defensive Counter Cyber Operations to interactively search for Advanced Persistent Threats (APT) and Indicators of Compromise (IOC) using enhanced data collection and analysis methods.
• Provide incident response impact assessments.
• Produce network security posture assessments.
• Analyze systems for suspicious activities related to the DCO mission
• Determine exploitation methods and attack vectors.
• Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
• Create and document metrics for reporting and analysis to improve weapon system processes, procedures, and mission execution.
• Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures.
• Provide requested information to operational flight commander as it relates to the Incident Response processes and procedures.
• Utilize the Mitre ATT&CK Matrix in performance of duties.
• Plan hypothesis‐based threat hunt missions.
• Utilize current Cyber Threat Intel team provided information in threat prioritization/hunt creation.
• Execute hunt mission within specified cyber terrain.
• Coordinate with ESM and Content Development to automate threat hunts and/or develop standing detections for threat hunts.
• Request Tactical Validation and Assessment (TVA) to validate hunt techniques and/or created alerting mechanisms.
• Identify and report coverage gaps in detection and weapon system visibility/capability.
• Develop hypothesized schemes‐of‐maneuver of adversary behavior as needed for hunt missions in coordination with Cyber Threat Intel team.
• Leverage the MITRE ATT&CK matrix to map adversarial TTPs to current security coverage within specified cyber terrain.
• Develop threat hunts for emerging cyber threats, to include 0‐day proof‐of‐concepts, CVE exploitation, and adversary TTPs.
• Organize and analyze collected data to determine trends, perform long‐tail and frequency analysis of host and network artifacts, and baseline enterprise activity.

Benefits

• paid holidays
• paid time off including sick and vacation leave
• medical, dental and vision insurance
• flexible spending accounts
• short and long term disability
• company paid life insurance
• 401(k) with a company match and discretionary profit sharing
• tuition reimbursement