Immediate full-time openings for Cyber Network Defense Analysts (CNDA) with an active Top Secret clearance to support a critical customer mission. This opportunity provides onsite advanced cyber defense, rapid incident response, and immediate investigation and resolution using host-based, network-based, and cloud-based cybersecurity analysis capabilities. Team personnel provide front-line response for digital forensics/incident response (DFIR) and proactively hunt for malicious cyber activity.
The position is remote, with the ability to go onsite every two weeks or as needed for classified work. Our client is looking to onboard you as a direct employee from day one.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Coordinate with enterprise-wide cyber defense staff to validate network alerts
- Perform management duties as required to support the team, projects, and analysts
- Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
- Perform cyber defense trend analysis and reporting
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Provide daily summary reports of network events and activity relevant to cyber defense practices
- Receive and analyze network alerts from various sources within the enterprise and determine potential causes of alerts
- Provide timely detection, identification, and alerting of attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information
- Identify and analyze anomalies in network traffic using metadata
- Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools
- Identify applications and operating systems of a network device based on network traffic
- Reconstruct a malicious attack or activity based on network traffic
- Identify network mapping and operating system (OS) fingerprinting activities
- Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave
- Must be a US citizen due to government requirement.
- Must have an active TS clearance or higher and be able to obtain DHS Suitability. Must be SCI eligible.
- BS Computer Science, Cyber Security, Computer Engineering, or related degree and 8 years of network investigations experience; OR HS Diploma & 10 years of network investigations experience.
- Experience successfully developing and deploying signatures
- Experience detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Experience implementing incident handling methodologies
- Experience implementing protocol analyzers
- Experience collecting data from a variety of cyber defense resources
- Experience reading and interpreting signatures (e.g., Snort)
- Experience performing packet-level analysis
- Experience conducting trend analysis
- One or more of the following professional certifications:
  - GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE, GSEC (SANS 401), ArcSight (or other SIEM solution), Network+, Security+
Monday, July 11, 2022
Wednesday, June 15, 2022
Know someone who would be a good fit? We pay for referrals!