Cyber Countermeasures Engineer - Shiloh, United States - By Light Professional IT Services

    Description

    Overview:
    By Light is seeking a Cyber Countermeasures Engineer whose primary duty location is DISA Global Field Command (DGFC), Scott AFB, IL.

    Responsibilities:


    Provide direct mission support to government customers at Scott AFB, IL.

    Serve as the cyber countermeasure Subject Matter Expert for a new cyber capability.

    Work directly with customer and commercial vendor cyber fusion/threat analyst teams to develop effective countermeasures addressing a wide range of priority and/or emerging cyber threats.

    Ensure countermeasures are effective in supporting desired mission outcomes.
    Provide critical integration between customer and commercial vendor teams.
    Analyze signatures (e.g., YARA, Snort) in Cyber Threat Intelligence or DoD orders and assess new capability coverage for these threats.

    Required Experience/Qualifications:

    2+ years of experience in a cyber analyst role
    Experience conducting malware analysis
    Experience developing behavioral threat signatures, such as YARA rules
    Experience with cyber operations and cyber operation planning processes
    Understands malicious cyber actor TTPs, including initial access and command-and-control
    Understands how to use cyber security tools and data to conduct defensive cyber operations
    Understands cyber threats and cyber threat frameworks such as the Cyber Kill Chain and the MITRE ATT&CK framework
    Understands Cyber Threat Intelligence (CTI) and how to integrate CTI into defensive cyber operations

    Preferred Experience/Qualifications:

    Hands-on SIEM experience, preferably with Splunk, including configuration, query development, log review/analysis, and correlation of event data
    5+ years of experience in a cyber analyst role, preferably supporting DGFC or JFHQ
    Experience with regex and signature development
    Experience with coding/scripting
    Cybersecurity certifications such as CISSP and/or GIAC certifications
    Splunk certifications

    Special Requirements/Security Clearance:
    Minimum Active Secret Clearance.
    Active TS and TS/SCI clearances are preferred.
