Government Network Cyber Analyst

Alku Technologies
Washington, DC
Apr 06, 2021
Apr 20, 2021
Full Time
Network Cyber Analyst

Candidate must have a TS/SCI with polygraph security clearance.

Program Description:
The contract provides Computer Network Defense and Analysis (CND) to the customer's network. Because the customer allows its user community to access personal email accounts while on site, a large volume of spam hits the network regularly. This contract is responsible for the 24x7x365 protection of the customer's network from malicious viruses and attacks. This specific team is responsible for all of these functions, but across a cloud environment.

Day to Day Responsibilities:
As a Cyber Security Analyst, the tasks will include analyzing all relevant cyber security event data and other data sources for attack indicators and potential security breaches; producing reports; assisting in coordination during incidents; and coordinating with the O team to ensure all security monitoring systems are online, up to date, and fully operational. This task covers analytical responsibilities for all systems and/or projects within CIRT, including all existing and future network- and host-based protection.

Day to day responsibilities may include:
- Monitor intrusion detection and prevention systems and other security event data sources on a 24x7x365 basis.
- Determine whether monitored security events should be escalated to incidents, and follow all applicable incident response and reporting processes and procedures.
- Problem solve, ask questions, and discover why things are happening.
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.
- Tune and filter events and information, creating custom views and content using all available tools, following an approved methodology and with the approval or concurrence of Staff management.
- Provide support for the Government CIRT Hotline and appropriately document each call in the existing tracking database for this purpose.
- Coordinate with the O team to ensure production CIRT systems are operational.
- Review assembled data with firewall administrators, engineering, system administrators, and other appropriate groups to determine the risk of a given event.
- Establish procedures for handling each security event detected.
- Create custom content and develop new use cases to better correlate security event information.
- Develop and use "Case Management" processes for incident and resolution tracking. These processes should also be used for historic recording of all anomalous or suspicious activity. The processes currently in place use the JIRA tool.
- Identify misuse, malware, or unauthorized activity on monitored networks, and report the activity as determined by CIRT Management.
- Maintain proficiency and skills through relevant training, on-the-job training, and self-study.
- Answer the Government CIRT Hotline and appropriately document each call in the existing tracking database for this purpose.
- Monitor and respond to the CIRT e-mail addresses.
- Monitor, document, and respond to centrally collected virus data.

This team is made up of many different skillsets, including understanding of networks, understanding of operating systems, understanding of the adversary, scripting or coding experience (writing or reading code), and incident management experience. No one has every single one of those skills; usually it is just one or two, but team members are willing to learn the rest. This is a great opportunity for someone who is looking to get more into cyber work.

Required Skills:
- Security+ or equivalent certification
- Experience with Security Information and Event Management (SIEM) systems
- Experience using one of the following: Snort, Splunk, Wireshark, FireEye, tcpdump, etc.
- Network and host malware detection and prevention

Desired Skills:
- Experience in a cloud environment
- Experience using PowerShell or other scripting languages
- Strong knowledge of Host Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS)
- Strong knowledge of web/email gateway security technologies
- Experience using network and host forensic applications
- 3+ years in one or more of Networking, Systems Administration, Software Development, Cyber Incident Detection