No more applications are being accepted for this job
Host Based Systems Analyst - Arlington, VA, United States - Arsiem Corporation
Description
ARSIEM is seeking a senior Cyber Threat Hunter.
Responsibilities:
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Assess network topology and device configurations, identifying critical security concerns and providing security best practice recommendations
- Collect network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and use discovered data to enable mitigation of potential incidents
- Collect network device integrity data and analyze it for signs of tampering or compromise
- Analyze identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, and effects on systems and information
- Track and document onsite incident response activities and provide updates to leadership through executive summaries and in-depth technical reports
- Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer-related evidence
- Serve as technical forensics liaison to stakeholders and explain investigation details
Required Skills:
- U.S.
- Active DoD Secret clearance
- Must be able to obtain DHS Suitability
- 8+ years of directly relevant experience in cyber forensic and network investigations using leading-edge technologies and industry-standard forensic tools
- Experience leading cross-functional teams conducting cyber threat hunting activities
- Experience with reconstructing a malicious attack or activity
- Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, and analyze anomalies in network traffic using metadata
- Ability to create forensically sound duplicates of evidence (forensic images)
- Able to write cyber investigative reports documenting forensic findings
- In-depth knowledge and experience of:
  - utilizing COTS and custom-developed tools to detect APT activity
  - reviewing threat reports and searching the network for applicable IOCs (Indicators of Compromise)
  - identifying different classes and characterizations of attacks and attack stages
  - CND policies, procedures and regulations
  - network topologies, Wi-Fi networking, and TCP/IP protocols
  - Splunk (or other SIEMs)
  - vulnerability scanning, assessment and monitoring tools such as Security Center, Nessus, and Endgame
  - MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK)
- Must be able to work collaboratively across physical locations
- Experience and proficiency with the following tools and techniques:
  - EnCase, FTK, SIFT, X-Ways, Volatility, Wireshark, Sleuth Kit/Autopsy, and Snort
  - Carving and extracting information from PCAP data
  - Non-traditional network traffic: Command and Control
  - Preserving evidence integrity according to national standards
  - Designing cyber security systems and environments in a Linux environment
  - Virtualized environments
Desired Skills:
- EDR tools: CrowdStrike, Carbon Black, etc.
- Conducting all-source research
Required Education:
- BS Computer Science, Cybersecurity, Computer Engineering or related degree; or HS Diploma and 10+ years of host or digital forensics or network forensic experience
Desired Certifications:
- GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA