PNOSC - Insider Threat / Computer Network Defense Analyst – TS/SCI – Alexandria, VA
- Full Time
- Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering. Must be knowledgeable of, and fluent in the following applications and tools:
- SPLUNK – Running and developing in-depth SPLUNK queries. Configuring Splunk alerts. Able to correlate information from various source databases within Splunk
- FIDELIS – querying Fidelis Command Post for incident information
- HBSS – Query McAfee ePO for required security incident information
- ACAS – in-depth understanding of querying Tenable Security Center for vulnerability information
- Monitoring overall progress of USCYBERCOM CTO Compliance utilizing the various tool sets
- Analyze computer-generated threats
- Assist in the gathering and preservation of evidence used in the prosecution of computer crimes
- Conduct analysis of log files, evidence, and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion
- Conduct interviews of victims and witnesses and conduct interviews of suspects
- Determine and develop leads and identify sources of information in order to identify and prosecute the responsible parties to an intrusion
- Develop an investigative plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the Internet
- Document original condition of digital and/or associated evidence (e.g., via written reports)
- Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, and public relations professionals)
- Examine recovered data for information of relevance to the issue at hand
- Fuse computer network attack analyses with criminal and counterintelligence investigations and operations
- Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action
- Identify data or intelligence of evidentiary value to support counterintelligence and criminal investigations
- Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration
- Identify outside attackers accessing the system from the Internet or insider attackers, that is, authorized users attempting to gain and misuse non-authorized privileges
- Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations
- Conduct large-scale investigations of suspicious activities involving complicated computer programs and networks
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
- Must possess and maintain a US Top Secret Security Clearance and be eligible for SCI. This position may require short-term deployments to austere locations worldwide.
- Must meet DoD 8570 requirements, CSSP Auditor and IAM level III upon hire. Must achieve ITIL V3 Foundation Certification within six months of hire.
The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job. Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job.

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.

GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.