Position SummaryFederal Data Systems is seeking Cyber Security Analyst to support the Cybersecurity & Infrastructure Security Agency at Arlington VA. The candidate will execute cybersecurity activities related to network activity, identify and triage network issues, and analyze network flow to identify and mitigate threats and vulnerabilities.Essential Job FunctionsPerform technical analysis on a wide range of cybersecurity issues, with a focus on network activity and data; this includes, but is not limited to: network flow (ie netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types).Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise or unintended/high-risk exposure. Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions.Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity.Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics.Document key event details and analytic findings in analysis reports and incident management systems.Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletins.Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systems.Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data types.Develop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performance.Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysis.Provide technical assessments of cyber threats and vulnerabilities.Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.Produce final reports and review incident reports from junior analysts.Monitor and report on trends and activity on network sensor platforms.Produce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.).Minimum Required QualificationsDue to the nature of this position and the information that employees will be required to access; US Citizenship is required.Bachelor's Degree and 8+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be substituted in lieu of degree.4+ years of prior incident handling/response experience.Required Security Clearance: TS/SCI.CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).Demonstrated sound understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.Demonstrated commitment to training, self-study and maintaining proficiency in the technical cybersecurity domain and an ability to think and work independently.Strong analytical and troubleshooting skills.Willing to perform shift work, including weekend hours.Required Certifications: DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC prior to starting.DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 6 months of start.Desired/Preferred Skills: Top Secret - Sensitive Compartmented Information (TS/SCI) Eligible (DIA Adjudicated or capable of reciprocal acceptance by DIA).Demonstrated hands-on experience analyzing high volumes of logs, network data (eg Netflow, Full Packet Capture), and other attack artifacts in support of incident investigations.In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (eg ArcSight, Splunk, Nitro/McAfee Enterprise Security Manager, QRadar, LogLogic).Experience and proficiency with any of the following: Anti-Virus, HIPS/HBSS, IDS/IPS, Full Packet Capture, Network Forensics.Experience with malware analysis concepts and methods.Unix/Linux command line experience.Scripting and programming experience.Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.Working Conditions: Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are normally set from Monday through Friday 8:00am to 5:00pm, however some extended or weekend hours may be required. Additional details on the precise hours will be informed to the candidate from the Program Manager/Hiring Manager.Physical Requirements: May be required to lift and carry items weighting up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the workday.Background Screening/Check/Investigation: Successful Completion of a Background Screening/Check/Investigation will be required as a condition of hire.Benefits: Federal Data Systems, LLC offers competitive compensation, a flexible benefits package, career development opportunities that reflect its commitment to creating a diverse and supportive workplace. Benefits include, not all inclusive - Medical, Vision & Dental Insurance, Paid Time-Off & Company Paid Holidays, Personal Development & Learning Opportunities.Other: This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the US Federal Data Systems is an Equal Opportunity/Affirmative Action Employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other basis prohibited by applicable law. We strive to create a diverse, inclusive and respectful work culture that values all.This position requires that individuals be fully vaccinated. Reasonable accommodations will be considered.Job Types: Full-time, ContractBenefits:401(k)401(k) matchingDental insuranceEmployee assistance programEmployee discountFlexible scheduleFlexible spending accountHealth insuranceHealth savings accountLife insurancePaid time offProfessional development assistanceReferral programRetirement planTuition reimbursementVision insuranceSchedule:8 hour shiftCOVID-19 considerations:This position requires that individuals be fully vaccinated. Reasonable accommodations will be considered.Application Question(s):Do you have an active TS/SCI security clearance?Do you have a DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, or SANS GSEC?Experience:Linux: 1 year (Preferred)Cybersecurity: 5 years (Preferred)Information security: 1 year (Preferred)Incident Handling: 1 year (Preferred)Work Location: One location