Cyber-Intelligence Analyst Senior Technical Specialist
Overview

Vencore is a proven provider of information solutions, engineering and analytics for the US Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high-impact, mission-critical services and solutions to overcome its customers' most complex problems. Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do.

Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories.

Responsibilities

Standard Job Description:

Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks. Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff. Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution. Employs advanced forensic tools and techniques for attack reconstruction, including dead-system analysis and volatile data collection and analysis. Supports internal HR/Legal/Ethics investigations as forensic subject matter expert. Performs network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output as it pertains to the cyber security of communications networks. Reviews threat data from various sources and develops custom signatures for open source IDS or other custom detection capabilities. Correlates actionable security events from various sources, including Security Information Management System (SIMS) data, and develops unique correlation techniques. Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats. Develops analytical products fusing enterprise and all-source intelligence. May conduct malware analysis of attacker tools, providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols. Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.

Specific Job Description:

- Conduct Packet Capture (PCAP) analysis, to include log correlation and network traffic analysis in support of investigations and operations.
- Utilize understanding of network architectures, common protocols and their uses, and how they apply to various network topologies.
- Use open source and commercial tools to process large PCAP data sets and correlate findings between system and network artifacts.
- Identify anomalous network activity and provide detailed documentation of findings, analysis and hypotheses.

Required:

- Demonstrated administrative and organizational skills.
- Excellent interpersonal skills and the capability to deal with personnel at all levels in government, industry, and academia.
- Demonstrated briefing and presentation skills.
- MS Office experience.
- Minimum 4-year degree in Computer Science, Information Systems, Cyber Security, Computer Engineering, or related technical field.
- Minimum 8 years of analysis experience, 5 years of cyber analysis experience.
- Demonstrated proficiency in network security analysis tools.
- IC experience.

Desired:

- Strong proficiency and recent experience (within the last 3 years) performing PCAP analysis using common analysis tools (Wireshark, TShark, Splunk, NetWitness). Candidate must be strongly proficient at sessionizing, identifying and decoding protocols, extracting files, and applying standard filters.
- Expertise in using Python or bash scripting to sort, de-duplicate and manipulate PCAP files.
- Must have working knowledge of relational databases to create schemas and leverage relational databases in PCAP processing.
- Proficiency in: developing and customizing Splunk using its XML templates for advanced configuration and macros; creating customized Splunk queries using the Splunk query language; and building Splunk dashboards with search forms, views, packaging and distribution.
- Strong technical proficiency in the following areas: network communication using TCP/IP protocols, basic system administration, intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch) and open source information collection.
- Candidate must have a thorough understanding of Domain Name System (DNS) records.
- Experience in data processing and analysis in a virtualized Linux environment. Must have working knowledge of Linux administration.
- Must be comfortable hosting basic web applications in an Apache/MySQL/PHP or IIS/MSSQL/ASP environment.
- AWS experience is a plus.

Certifications: GIAC Network Forensic Analyst, OSCP, AWS Certified Solutions Architect Associate, Splunk Certified Administrator.

Experience: Requires 12 to 15 years with BS/BA, or 10 to 13 years with MS/MA, or 7 to 9 years with Ph.D.