Mid-Level Cyber Defense Analyst

Company: Global Solution Consulting
Address: Washington DC-Baltimore Area, United States
Employment type: Full-time
Expires: 2024-03-08
Posted: 8 months ago

Job Description

Position Summary:

Global Solutions Consulting (GSC) is a leading security and information technology company in Washington, DC. We are looking to hire a Mid-Level Cyber Defense Analyst to support a full range of cyber security services on a long-term contract in Washington, DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Job Requirements:

  • Ability to design incident response for cloud service models.
  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of incident categories, incident responses, and timelines for responses.
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Strong written and verbal communication skills.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Demonstrated ability to interact effectively with senior management and leadership.
  • Knowledge of application security risks (e.g., Open Web Application Security Project Top 10 list).
  • Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Security Clearance Requirement:

  • Active Secret clearance


Certifications/Licenses:

  • Must have, or be able to obtain within 3 months, one of the following certifications: CERT Certified Computer Security Incident Handler (CSIH), ECC Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), GIAC Information Security Fundamentals (GISF), or ISC2 Certified Information System Security Professional (CISSP).
  • 5+ years’ experience in malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, and leading incident handling.
  • Active Secret clearance or eligible to obtain a Secret clearance
  • Bachelor’s degree or higher

Additional Experience Preferred:

  • Strong experience securing network communications.
  • Desirable additional certifications are those that address incident handling (identification, overview and preparation), buffer overflow, client attacks, covering tracks (networks, systems), denial of service attacks, network attacks, password attacks, reconnaissance, scanning (discovery and mapping, techniques, and defense), session hijacking and cache poisoning, techniques for maintaining access, web application attacks, worms, bots, and botnets.
  • Recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in using security event correlation tools and designing incident response for cloud service models.
  • Experience identifying, capturing, containing, and reporting malware.
  • Skill in preserving evidence integrity according to standard operating procedures or national standards.
  • Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • Experience performing damage assessments.


Position Responsibilities:

  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform cyber defense trend analysis and reporting.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Coordinate incident response functions.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.