Cybersecurity Signature Analyst with Security Clearance - Springfield, VA, United States - Strategic ASI

    Strategic ASI, Springfield, VA, United States

    2 weeks ago
    Description

    Our client is seeking a Cybersecurity Signature Analyst.

    Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise.
    Working within a Fusion model, you will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise.
    This will be done through various means, such as reviewing future and past intelligence reports, reviewing incident reports, conducting regular Purple Teaming exercises, and continuously validating defensive countermeasures already deployed.

    What You'll Get to Do:

    • Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develops or tunes rules/signatures/scripts as needed;
    • Coordinates with other Cybersecurity Operations Services to develop or tune rules/signatures/scripts;
    • Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on NGA systems, and develops or tunes rules/signatures/scripts as needed;

    More About the Role:

    • Correlates and analyzes precursors to incidents, and develops or tunes rules/signatures/scripts as needed;
    • Improves SIEM alert efficiency through evaluation of valid alerts and false positives, and develops or tunes rules/signatures/scripts as needed;
    • Assists the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise;
    • Documents all work in the authorized ticketing system with a sufficient level of detail to ensure the Government and other contract services can systematically reconstruct the analysis;
    • Provides input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report.

    You'll Bring These Qualifications:

    • Must be a US Citizen with an Active TS/SCI.
    • 8+ years of related advanced cyber security analytics work experience.
    • Must have a certification that is compliant with DoD and DoD M IAT Level III and CSSP Analyst.
    • Experience with data mining or building queries in a SIEM.
    • Strong understanding of signature development and tuning.
    • Strong understanding of network protocols and analysis with protocol analyzers.
    • Knowledge of static file signatures, i.e. "magic numbers", and how they apply to developing countermeasures for files in transit and for files that reside locally on a host.

    • Good working knowledge of regular expressions.

    Preferred Skills:

    • Comfortable in a hex editor.
    • Ability to write Python/Bash/PowerShell scripts.
    • Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
    • Good understanding of Purple Team tactics.