IT - Security
DISA PAC Site Ford Island/Pearl Harbor, HI (On-Site/Office)
Cyber Intrusion Analyst
For more information, please contact us or send an email to HR@rmantras.com
- Location: DISA PAC SITE - Ford Island/Pearl Harbor, Hawaii
- Certification:
  - Current DoD 8570 IAT Level II Certification (e.g. Sec+ CE) or higher at time of start.
  - Current DoD 8570 CSSP Analyst Certification (e.g. CEH, CySA+), or ability to obtain one within 180 days of starting.
- Potential for Telework: No - 100% onsite
- Clearance: DoD Secret
PRIMARY RESPONSIBILITIES:
- Perform computer network incident detection and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats to the enterprise.
- Monitor various security tools and applications for possible malicious activities, investigate any associated alerts or indicators, and develop recommendations for a course of action, including mitigation strategies as necessary.
- Conduct analysis of low-level ("low and slow") events to identify unauthorized activity utilizing exploratory problem-solving or self-learning techniques.
- Conduct near real-time event triage and analysis, which can result in network traffic validations or a Mission Partner's incident report.
- Utilize formal monitoring policies and procedures that include the appropriate use of DoD-approved network monitoring and traffic analysis tools to assist with identifying suspicious, anomalous, or overtly malicious network traffic on a 24/7/365 basis.
- Review and analyze available logs in a timely manner to detect intruders and notify Mission Partners of activity through a formal reporting process/pending an incident report.
- Apply, develop, tune, and distribute or optimize new and existing countermeasures or guidance to prevent or mitigate potential cyber event impacts when possible.
- Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks.
- Understand attack signatures, tactics, techniques, and procedures associated with advanced threats.
- Requires good technical writing skills, as each event, including the associated analysis, is documented in a ticketing system for review and action.
- Requires excellent communication skills, as we are collocated with our customer and regular face-to-face interaction is necessary throughout the day, as well as significant coordination and communication between team members.
BASIC QUALIFICATIONS:
- Must have an active DoD Top Secret clearance.
- Bachelor's Degree and 4+ years of related experience; cyber courses/certifications or DISA customer experience may be substituted in lieu of degree.
- Current DoD 8570 IAT Level II Certification (e.g. Sec+ CE) or higher at time of start.
- Current DoD 8570 CSSP Analyst Certification (e.g. CEH, CySA+), or ability to obtain one within 180 days of starting.
- Experience working CND duties (e.g., Protect, Defend, Respond, and Sustain).
- Experience working with DoD / Government Leaders at all levels.
- Strong computing system knowledge, particularly networking, including a knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls.
- Experience evaluating packet captures.
PREFERRED QUALIFICATIONS:
- Command-line scripting skills (Perl, Python, shell scripting) to automate analysis tasks.
- Knowledge of hacker tactics, techniques and procedures (TTP).
- Familiarity with computing security frameworks such as MITRE ATT&CK and Cyber Kill Chain.
- Monitoring of intrusion detection and computer defense appliances (Splunk, Elastic), applications, and analysis of associated alerts.
- Knowledge of advanced threat actor tactics, techniques, and procedures (TTP).
- Understanding of software exploits.
- Analyze packed and obfuscated code.