Cyber Hunt & Incident Response Analyst

Employer
AboutWeb
Location
McLean, VA
Posted
Oct 05, 2018
Closes
Oct 27, 2018
Ref
18-00165
Function
Analyst
Hours
Full Time
Job ID: 18-00165
AboutWeb, LLC is looking for a Cyber Hunt & Incident Response Analyst. The candidate will be expected to perform analysis on hosts running on a variety of platforms and operating systems, to include, but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as embedded systems and mainframes.
  • Monitor open source channels (e.g. vendor sites, Computer Emergency Response Teams, SysAdmin, Audit, Network, Security (SANS) Institute, Security Focus) to maintain a current understanding of Computer Network Defense (CND) threat condition and determine which security issues may have an impact on the enterprise.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
  • Leverages tools including Tanium, FireEye suite, GRR, Volatility, SIFT Workstation, MISP, and/or Bro as part of duties performing cyber incident response analysis.
  • Track and document CND hunts and incidents from initial detection through final resolution.
  • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential CND hunts and incidents within the enterprise.
  • Perform forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform real-time CND hunt and incident handling (e.g. forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Hunt and Incident Response Teams (IRTs).
  • Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to appropriate constituencies.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • May be required to travel up to 25% of time.

Minimum Qualifications:
  • Bachelor's degree in a technical discipline with a minimum of 3 years related technical experience.
  • Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated Client background investigation (EOD) for continued employment.
  • Familiar with network analytics including Netflow/PCAP analysis.
  • Understanding of cyber forensics concepts including malware, hunt, etc.
  • Understanding of how both Windows and Linux systems are compromised.

Preferred Qualifications:
  • Client Suitability at the SCI level
  • Experience using Splunk for system data analytics and monitoring strongly preferred.
  • Experience performing cyber forensics, malware analysis, cyber hunt, etc. strongly preferred.
  • A professional certification such as GCFA, GNFA, GREM, or GCIH is highly desirable.
#AW

Similar jobs