No more applications are being accepted for this job
- Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develop or tune rules/signatures/scripts as needed;
- Coordinates with other Cybersecurity Operations to develop or tune rules/signatures/scripts;
- Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on NGA systems, and develop or tune rules/signatures/scripts as needed;
- Correlates and analyzes precursors to incidents, and develop or tune rules/signatures/scripts as needed;
- Improve SIEM alert efficiency though evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed;
- Assists the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise;
- Documents all work in the authorized ticketing system with a sufficient level of detail to ensure the Government and other contract services can systematically reconstruct the analysis;
- Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report;
- Must be a US Citizen with an Active TS/SCI.
- 8+ years of related advanced cyber security analytics work experience.
- Must have a certification that is compliant with DoD and DoD M IAT Level III and CSSP Analyst.
- Experience with data mining or building queries in a SIEM.
- Strong understanding of signature development and tuning.
- Strong understanding of network protocols and analysis with protocol analyzers.
- Knowledge of static file signatures, i.e
- Good working knowledge of regular expressions.
- Preferred Skills:
- Comfortable in a hex editor.
- Ability to write python/bash/powershell scripts.
- Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
- Good understanding of Purple Team Tactics.
Cybersecurity Signature Analyst with Security Clearance - Springfield, VA, United States - Strategic ASI
Description
Our client is seeking aCybersecurity Signature Analyst:
Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise
Working within a Fusion model, will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise
This will be done through various means such as: reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Teaming exercises, and continuously validating Defensive Countermeasures already deployed
What You'll Get to Do:
More About the Role:
You'll Bring These Qualifications: