What you'll do:

  • Provide Subject Matter Expert (SME) level Monitoring support for the Shield AI network.
  • Share in-depth knowledge and intelligence gained from cyber security events with stakeholders.
  • Protect against and prevent potential cyber security threats and vulnerabilities.
  • Provide SME level response, technical assistance and expertise for significant cyber incidents, investigations and related operational events.
  • Conduct detailed research to increase awareness and readiness levels of the security operations center.
  • Conduct advanced analysis and recommend remediation steps.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Conduct all-source research to determine threat capability and intent.
  • Develop and maintain analytical procedures to meet changing requirements.
  • Coordinate and respond during significant cyber incidents.
  • Develop content for cyber defense tools.
  • Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods used, and the effects on systems and information.
  • Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • Collect and analyze intrusion artifacts (such as source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.

Required qualifications:

  • Bachelor's degree
  • Certifications (CYSA)
  • Experience with cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
  • Expertise in the architecture, design and security of traditional computing technologies.
  • Expertise in planning, implementation and usage of log aggregation and security analysis tools.
  • Demonstrated knowledge of native security and logging tools and of centralized log aggregation using a variety of methods.
  • Demonstrated knowledge of the Incident Response Lifecycle and how it applies to cloud, legacy and hybrid environments.
  • Ability to identify remediation steps for cybersecurity events.
  • Demonstrated ability to use forensic tools to help determine the scope and severity of a cybersecurity incident.
  • Strong organizational skills.
  • Proven ability to operate in a time-sensitive environment.
  • Proven ability to communicate orally and in writing.
  • Proven ability to brief (technical/informational) senior leadership.
  • Ability to scope and perform impact analysis on incidents.

Preferred qualifications:

  • Knowledge of network architecture, design and security.
  • Ability to use static and dynamic malware analysis tools and techniques.
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of the intersection of on-prem and cloud-based technologies.
  • Knowledge of system design and process methodologies.
  • Experience in developing and delivering comprehensive training programs.
  • Experience collaborating with cross-functional teams.
  • Experience working in an intra-agency environment.
  • Ability to communicate technical concepts to executive-level leadership.
  • Skill in detecting host- and network-based intrusions via intrusion detection technologies.
  • Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

Location

Washington DC Metro Area

Job Overview

Job Posted: 5 months ago
Job Type: Full Time
