This role provides technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems. The role designs evaluates, develops and implements security requirements as part of an Agile team. Assists the ISSOs with preparing documentation for RMF (Risk Management Framework). Responsible for analyzing and developing test procedures and contingency plans as part of the assessment and authorization (A&A) process. Conducts/Perform complex risk and vulnerability assessments including development of risk mitigation strategies. Recommends system enhancements to improve security deficiencies. Develops, tests, and integrates/automates security tools. Assess system configurations and installs security tools, scans systems to determine compliancy and report results and evaluates products and various aspects of system administration. Conducts and evaluates security program audits and develops solutions to minimize identified risks. Aids in computer incident investigations and evaluations.
· Operating in a command-line environment
· Familiarity and/or experience performing cyber threat analysis based on Indicators of Compromise (IOCs)
· Experience performing open source analysis for cyber event correlation, data enrichment, and threat hunting
· An understanding of Advanced Persistent Threat (APT) cyber activity with an understanding of common intrusion set tactics, techniques, and procedures (TTPs)
· Technical education (formal or informal) on network communication, net-defense, and common attack techniques
· Ability to perform data analysis, aggregation, event correlation
· Writing ability to author various types of cyber threat products tailored to computer network defenders
· Very high attention to detail and desire to learn and contribute
· Demonstrated motivation to maintain awareness of current cybersecurity and threat intelligence news and trends
· Work with multiple operating systems relevant to our customer environments (Windows, Mac, Linux) and the similarities and differences in network traffic generated in each.
· Work with basic security concepts and terminology such as the CIA triad, industry best practices, risk, vulnerability, threat, attack vectors, encryption, encoding, and various types of threat actors.
· Process IDS alerts and identifying incidents and events in customer data.
· Conduct packet level analysis using tcpdump or Wireshark on the session and surrounding traffic of an IDS alert.
· Perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic.
· Writing incident reports, process documentation, and interact with customer.
EDUCATION & EXPERIENCE:
Candidate must have a MS with 15-20 years of prior relevant experience or Doctorate with 13-16 years of prior relevant experience.(in Computer Science, Engineering, Information Technology, System Administration, Cyber Security),
CISSP and/or ISSEP Certification
• Active Top Secret Clearance with FS Poly Clearance
• Eight or more years of information assurance and cyber security engineering experience
• Can work independently of direct supervision
• Ability to build strong customer relationships
• Five or more years of information assurance and cyber security engineering experience
• Experience with the Risk Management Framework (RMF) and ICD 503 Security Accreditation processes.
Please apply to firstname.lastname@example.org