Active Cyber Defense Analyst - Greenbelt, MD - Georgia IT Inc.
Greenbelt, MD
About the Job
Active Cyber Defense Analyst
Location: Greenbelt, MD
Long Term Contract (15+ Months)
US Citizen Preferred
Role Description: The ACD Analyst will look through network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns and hunt for Advanced Persistent Threats (APT).
Required Skills:
• Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) on the network and on hosts.
• Follow Security Operations Center (SOC) policies and procedures for incident reporting and management. Create a detailed Incident Report (IR) and contribute to lessons learned.
• Analyze infrastructure build sheets, Configuration Management Database (CMDB), NIST 800-53 ATO artifacts, vulnerability scans, Access Control Lists (ACL), and vendor documentation to thoroughly understand software behaviors and interactions.
• Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
• Study and understand IANA, W3C, IETF and other internet bodies' protocol RFC definitions to understand violations and security weaknesses.
• Conduct forensic testing and operational hardening of multiple OS platforms.
• Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture.
• Work with SOC shift team to help contain intrusions.
• Provide detailed requirements to team security engineers, SIEM specialists, and other team capability developers so that reusable hunt tactics and techniques can be delivered to other team analysts.
Desired Experience:
• Thorough understanding of network protocol behaviors. Ability to understand netflow and PCAP.
• Thorough knowledge of open source tools to visualize PCAP data (Wireshark, TCPDump, etc.).
• Detailed knowledge of various forms of social engineering, including the ability to recognize and handle spear-phishing campaigns or other forms of social engineering attacks.
• Comprehensive knowledge of Windows and Linux behaviors, logging, vulnerabilities, exploits, and known attacks.
• Use of IPSec packet filtering and Windows firewalls with specific application to defense in depth of network based attacks, data corruption, data theft, credential theft, and administrative control.
• Red Team/Blue Team experience from a federal agency
Required Skills:
• Expert knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS)
• Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures
• Knowledge of how encryption, key management and cryptology works in the enterprise and in cyber data
• Understanding of Enterprise Architecture Standards such as the Department of Defense Architecture Framework (DODAF), Service-Oriented Architecture (SOA), the Open Group Architecture Framework (TOGAF), and/or the Amazon Web Services (AWS) Well Architected Framework
• Knowledge in the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines (risk profiling, control selection, control assessment, control monitoring)
• Expertise in performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation
• Expertise in Application Penetration Testing (fuzzing, reverse engineering, Fortify or similar, IDA Pro, Kali, BackTrack, OllyDbg, SQLMap, etc.)
• Expertise in Proof of Concept (Exploit) development
• Understanding of Secure SDLC (threat modelling, security requirements, secure design, secure implementation, secure testing, secure maintenance)
• Knowledge of Mobile Application Security and MDM sensor data
• Expertise in Embedded Device Security
• Expertise in Malware Analysis
Source : Georgia IT Inc.