Cyber Defense Analyst

Columbia, MD 21029

Posted: 10/12/2018 Industry: IT Job Number: JN -092018-110260
Cyber Defense Analysts conduct all-source analysis, digital forensics, and targeting to identify, monitor, assess, and counter the threat posed by cyber actors. Cyber Defense Analysts apply their scientific and technical knowledge, skills, and abilities to solve complex intelligence problems and to produce short-term and long-term written assessments and recommended courses of action. They use their analytical, writing, and presentation skills to inform leaders at all levels of threat, risk, and operational context.

Cyber threat analysis demands initiative, creativity, analytical skills, and technical expertise. Analysts must maintain and broaden their analytical and technical skills, as well as their professional networks, throughout their careers. This is achieved through academic study, practical experience, collaboration with peers, and participation in professional gatherings. They may also pursue additional studies and cross-functional training in fields relevant to their areas of responsibility.

Cyber Defense Analysts compile cyber threat data gathered from various sources, including independent research and analysis, cybersecurity operations activity, system behavior, defensive cyber capabilities (e.g., McAfee systems), and so on. They look at emerging technology and technology trends, cyberspace tactics, techniques, and procedures, and adversarial capability and intent. They use all of this information to develop comprehensive and detailed threat assessments that inform defensive cyberspace operations.

On a near real-time basis, they analyze cyber threat Indications & Warnings and fuse unclassified/open source cyber threat information with proprietary or client internal threat intelligence. They enrich their analyses through correlation of threat intelligence with internal and external network activity and system behavior to provide insight into every stage of a potential adversary's cyber kill chain.

1.1.1. General Qualifications

Cyber Defense Analysts generally possess a bachelor's degree in computer science, computer engineering, digital forensics, cyber security, telecommunications, information assurance, or security studies, or relevant and sufficient practical experience as described in the experience section.

Cyber Defense Analysts are well-versed in intelligence techniques, practices, and procedures, and they demonstrate an understanding of US national security interests. They have experience with government classified and unclassified computer systems and networks. They possess master-level verbal presentation and writing skills, including the demonstrated ability to write clear, complete, and concise text that synthesizes and communicates complex information effectively to diverse audiences comprised of technical experts and laypersons. They have excellent analytical abilities and a strong ability to think creatively.

Cyber Defense Analysts generally demonstrate or possess:

* Certifications (CEH, CEPT, LPT, ECSA, CISSP, Security+, GIAC {Web, wireless, forensics, mobile, exploit researcher})
* Experience taking disparate, seemingly unrelated intelligence and extracting meaning or relevance from the data
* Ability to act as a briefer to communicate intelligence data in a concise, effective, and persuasive manner
* Effective analytical and critical thinking skills, with proven problem solving and follow-through
* Effective documentation and verbal communication skills in customer-facing roles
* Demonstrated ability to multi-task and perform in an interrupt-driven, non-deterministic environment while working independently and as part of a team
* Demonstrated self-starter and team player with the ability to quickly learn new concepts with guidance from senior team members
* Ability to foster new ideas and concepts and generate synergy with the team; a positive, team- and mission-oriented attitude; self-motivation when given strategic goals
* Ability to lead others and deliver results (brief leadership, customers, etc.)

1.1.2. Experience (technical and operational)

Cyber Defense Analysts generally have:

* 3-5 years of experience with DoD and/or IC Cybersecurity policy, process, and procedure
* 3+ years of experience with military or IC intelligence policy, process, procedure, and tradecraft
* Knowledge of intelligence community, military, U.S. Government, Cyber organizations
* 3+ years of experience with all-source threat intelligence collection, analysis, production and dissemination, cyber incident response support, or defensive cyberspace operations support
* Skills in open source data collection (OSINT) and acquisition, such as investigating, researching, Google hacking, etc.
* 3+ years of experience with quantitative analysis, analytical methods, or data analysis
* 2+ years of experience with quantitative statistical, data analysis, or data visualization programs, including Tableau, R, or Stata
* Experience with Microsoft Office, including Word, Excel, and PowerPoint
* Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources for the purposes of documenting results and analyzing findings to provide meaningful products
* Knowledge of adversarial activities in cyberspace, with an understanding of intrusion set tactics, techniques, and procedures (TTPs) and operational tradecraft, and the ability to emulate these TTPs to assess vulnerability and risk
* Experience with threat intelligence tools.
* Proficiency with the operation of intrusion detection and network security monitoring tools, including rule and signature development, including but not limited to SNORT and YARA
* Experience with malware analysis and reverse engineering techniques and tools (IDA, OllyDbg)
* Experience with the development of applications, custom tools, and solutions in various coding languages, including SQL, Python, Django, Perl, Ruby, PHP, Java, etc.
* Experience with security tools such as - Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various testing tools
* Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
* Demonstrated understanding of networking fundamentals such as the OSI model, IP addressing, DNS, switching/routing, ports and protocols, authentication techniques.
* Demonstrated understanding of proxies, anonymizers, and capabilities such as TOR
* Experience with analytical techniques such as Pcap analysis, HTTP header analysis, Cyber Kill Chain methodology
* Demonstrated understanding of malware types and malware terminology (e.g., exploit, implant, reverse shell, call-out backdoor, call-in backdoor, etc.)
* Demonstrated understanding of cyber technologies and techniques such as hashing, reputation, heuristics, signatures, network traffic and behavior analysis, predictive, prescriptive, and diagnostic analytics, machine learning, etc.
* Demonstrated familiarity with the operational use of McAfee products such as Enterprise Security Manager (ESM), Network Security Platform (NSP), and Advanced Threat Defense (ATD).
* Demonstrated familiarity with the operational use of other vendor products such as SPLUNK and FireEye.
* Practical understanding of public and private cloud concepts.

1.1.3. Job Functions

The primary, top-level functions of Cyber Defense Analysts are: analysis, production, refinement, and dissemination of prose threat intelligence (i.e., comprehensive written reports), and development and implementation of atomic indicators (e.g., SNORT rules, YARA rules, custom signatures, etc.).

Cyber Defense Analysts perform systems and data threat analysis and enterprise-wide monitoring of Government systems and networks. They conduct baseline audits of usage of all Agency automated information systems and provide feedback in the form of oral and written reports, and metrics.

Primary, top-level functions can be decomposed into the following:

Performs focused monitoring capabilities on a case-by-case basis.

Performs testing of new software releases/upgrades and policies to ensure compatibility with enterprise applications.

Performs network maintenance checks on requisite insider threat monitoring software and third party architecture.

Creates policies, performs data analysis, product configuration support, network and database support, and maintenance of the operating server, agent, baseline and database repository; performs software policy analysis, generation refinement, and testing.

Reviews and recommends additional resources required to meet customer mission requirements. Assists the Government in building and deploying software enhancements.

Participates in customer program and technical exchange meetings. Provides product specific training on-site and off-site as required.

Identifies, collects, and performs analysis of raw, primary and secondary data derived from various sources

Investigates, documents, and reports on information cybersecurity issues and emerging trends

Provides finished intelligence products, including high quality papers, briefings, recommendations, and findings for senior leaders.

Develops and maintains expertise in Cyberspace operations, emerging Cyber threats and trends, and the evolving policy and regulatory framework for Cyberspace operations.

Provides regional or functional analytic support pertaining to a wide range of Cyber threat actors.

Performs analytic support focused on Cyberspace doctrine, policies, strategies, capabilities, and Cyberspace groups, individuals, organizations, tools, tactics, and procedures.

Prepares assessments of current threats and trends based on the sophisticated collection, research and analysis of classified and open source information.

Develops and maintains analytical procedures to meet changing requirements and ensure maximum operational success.

Collects data using a combination of standard intelligence methods and business processes.

Maintains current knowledge of relevant technologies and subject areas.

Participates in special projects as required

Provides leadership and guidance to less experienced personnel.

Utilizes technology (e.g., ESM, ACE, SPLUNK) to correlate events and identify indicators of threat activity.

Utilizes intelligence regarding threat capabilities to develop IDS/IPS signatures

Conducts log file analysis to identify indicators of compromise.

Reports suspected threat activity to the requirements manager and incident handlers for ticketing and assignment to a DCOD for response.

Refines and applies a variety of analytical methods and models to help transform large sets of data into knowledge to identify threat and threat activity on Army networks.

Coordinates and provides guidance, assistance, and recommended courses of action to ensure compliance with DoD and Army IA policies for threat mitigation and incident handling.

Engages stakeholders across DoD, collects and assimilates data, defines business rules, and communicates the analyses to clients and leadership.
