Active Cyber Defense Analyst (ACD Analyst) - Greenbelt, MD - Georgia IT Inc.

Greenbelt, MD

About the Job

Active Cyber Defense Analyst (ACD Analyst)
Location: Greenbelt, MD
Duration: 6 months
Rate: DOE

Role Description:

The ACD Analyst will look through network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, hunt for Advanced Persistent Threats (APT).

Minimum Required Skills/Experience:

Expert knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS)
Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures
Knowledge of how encryption, key management and cryptology works in the enterprise and in cyber data
Understanding of Enterprise Architecture Standards such as the Department of Defense Architecture Framework (DODAF), Service-Oriented Architecture (SOA), the Open Group Architecture Framework (TOGAF), and/or the Amazon Web Services (AWS) Well Architected Framework
Knowledge in the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines (risk profiling, control selection, control assessment, control monitoring)
Expertise in performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation
Expertise in Application Penetration Testing (fuzzing, reverse engineering, Fortify or similar, IDA Pro, Kali, Back Track, OllyDbg, SQL Map, etc.)
Expertise in Proof of Concept (Exploit) development
Understanding of Secure SDLC (threat modelling, security requirements, secure design, secure implementation, secure testing, secure maintenance)
Knowledge of Mobile Application Security and MDM sensor data
Expertise in Embedded Device Security
Expertise in Malware Analysis
Expertise in a variety of web application protocols, web services (components including JavaScript, XML, JSON), scripting capabilities (PowerShell, Python, BASH) software development frameworks, operating systems, and networking technologies. Understanding of various web application frameworks such as ASP.NET, J2EE
Organizational Skills: Proven ability to plan and prioritize work, both their own and that of team. Follows tasks to their logical conclusion.
Problem Solving: Natural inclination for planning strategy and tactics. Ability to analyze problems and determine root cause, generating alternatives, evaluating and selecting alternatives and implementing solutions.
Results oriented: Able to drive things forward regardless of personal interest in the task.

Preferred Skills:

Thorough understanding of network protocol behaviors. Ability to understand net flow and PCAP.
Thorough knowledge of open source tools to visualize PCAP data (Wireshark, TCP Dump, etc.).
Detailed knowledge of various forms of social engineering, including the ability to recognize and handle spear-phishing campaigns or other forms of social engineering attacks.
Comprehensive knowledge of Windows and Linux behaviors, logging, vulnerabilities, exploits, and known attacks.
Use of IPsec packet filtering and Windows firewalls with specific application to defense in depth of network based attacks, data corruption, data theft, credential theft, and administrative control.
Red Team/Blue Team experience from a federal agency

Preferred Certifications: OSCP, CSSLP, GIAC (GPEN), GIAC (GWAPT), GIAC (GXPN), GIAC (GMOB), GIAC (GAWN), GIAC (GPYC), etc.

CFSR
CCNP, MCSE, RHCE

Source : Georgia IT Inc.