|
Network Based Analyst II with Security Clearance - Arlington Virginia
Company: Base One Technologies Location: Arlington, Virginia
Posted On: 04/28/2024
Provides remote and onsite advanced technical assistance, proactive hunting, rapid onsite incident response, and immediate investigation and resolution using host-based, network-based and cloud-based cybersecurity analysis capabilitiesTeam personnel provide front line response for digital forensics/incident response (DFIR) and proactively hunting for malicious cyber activity--- We are seeking Cyber Network Defense Analysts (CNDA) to support this critical customer mission--- The CDNA uses information collected from a variety of sources to monitor network activity and analyze it for evidence of suspicious behavior--- Monitoring and analysis are performed to identify and report events that occur, or might occur, within the network, in order to protect information, information systems, and networks from threatsResponsibilities: --- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources --- Coordinate with enterprise-wide cyber defense staff to validate network alerts --- Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment --- Perform cyber defense trend analysis and reporting --- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack - Provide daily summary reports of network events and activity relevant to cyber defense practices - Receive and analyze network alerts from various sources within the enterprise and determine possible causes of alerts --- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities - Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity --- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information --- Identify and analyze anomalies in network traffic using metadata --- Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools - Identify applications and operating systems of a network device based on network traffic - Reconstruct a malicious attack or activity based off network traffic - Identify network mapping and operating system (OS) fingerprinting activities --- Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave Required Skills/Clearances: --- U.SCitizenship - Active TS/SCI clearance - Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability - 2+ years of direct relevant experience in cyber defense analysis using leading edge technologies and industry standard cyber defense tools - Experience successfully developing and deploying signatures --- Experience detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort) - Experience implementing incident handling methodologies --- Experience implementing protocol analyzers --- Experience collecting data from a variety of cyber defense resources --- Experience reading and interpreting signatures (e.gsnort) --- Experience performing packet-level analysis - Experience conducting trend analysis Desired Skills: --- Python programming experience - --- Strong math and science background --- Experience with Carnegie Mellon SiLK tool suite Required Education: BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 4+ years of network investigations experienceDesired Certifications: One or more of the following professional certifications: GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE --- GSEC (SANS401), Arcsight (or other SEIM solution), Network+, Security+ More...
Register an account with us and set up job agents! We'll email you immediately when jobs like this are posted on our site.
|
|