Programmer/Analyst - Info Assurance
Under general supervision, defends CCR-P's computers from external and internal attack, and prevents or detects data spillage.
- Designs, implements, maintains and monitors controls and procedures to prevent external penetration of CCR-P computer systems; detects advanced persistent threats (APT) and assists in isolating and eliminating them; detects malfeasance by computer users and reports insider threats; and detects and reports data spillage.
- Designs, documents, writes, tests, and deploys programs that continuously monitor CCR-P computer systems for abnormal conditions.
- Designs, writes, maintains and runs content analysis programs to automatically detect data that may be inadequately protected.
- Monitors computer security logs, audit trails and intrusion detection alerts on a daily basis to detect security anomalies.
- Reviews and/or sets configuration parameters on defensive computer security and SIEM appliances.
- In cooperation with system administration staff, runs automated and manual checks to verify that CCR-P system configurations match their specifications.
- Runs automated vulnerability detection tools and malware detection suites, and analyzes the results.
- Provides forensic and incident response support to CCR-P's Information Systems Security Officer, as required.
- Performs other duties as assigned.
- U.S. Citizenship is required.
- Bachelor's Degree, or Associate Degree with five years' experience in the IA field.
- Mastery of Linux command line interface and UNIX file system permissions.
- Working knowledge of Windows Server operating system and command line tools.
- Working knowledge of TCP/IP networking.
- Ability to read, design, and write new Bash scripts, Perl scripts, SNORT signatures, cron jobs, and SPLUNK filters, to implement defensive techniques.
- Ability to use vulnerability analysis and exploitation tools, such as Nessus and Metasploit, to detect and validate vulnerabilities.
- Ability to set SIEM thresholds and use tools like SNORT, NetFlow, and firewall and appliance logs to detect attacks.
- Ability to use packet capture, memory analysis, and other forensic tools to understand specific attacks.
- Ability to communicate clearly verbally and in writing.
- Ability to attain the DoD Directive 8570 Computer Network Defense Analyst (CND-A) qualification shortly after starting work.
- Ability to obtain and maintain necessary security clearances.