Computer Network Defense Analyst

Continuously monitor all facets of the DLA network, such as network- and host-based IDS; handle and develop warning intelligence for DLA subscribers and other Cyber Security Service Providers; provide attack sensing and warning services tailored specifically to each DLA subscriber; respond to and handle cyber incidents as they are identified.
The candidate should be able to:
Lead investigations of security events and provide incident response support based on the outcome.
Document and share information with other analysts and other teams.
Compile and maintain internal standard operating procedure (SOP) and Tactics, Techniques and Procedures (TTPs) documentation.
Collaborate with multiple stakeholders across functional and technical skill sets.
Correlate data from multiple sources including host- and network-based IDS and IPS, log and packet capture data, forensics tools, and DoD and open source intelligence.
Provide strong written and verbal communication; solid presentation and technical writing skills are a must.
Demonstrate knowledge of security & risk frameworks, standards, and best practices.
Demonstrate strong analytical skills and attention to detail.
Use excellent time management skills, and have the ability to prioritize tasks.
Show an ability to work efficiently and independently with minimal supervision (i.e. self-motivated and willing to stretch to meet important deadlines).
Provide incident handling and analysis to monitor, detect, protect, respond and sustain DLA cyber operations.
Perform real-time and historical analysis of data derived from DLA systems for traces of malware and system compromise.
Assess the scope of suspected or confirmed cyber incidents and take immediate action to prevent the spread of the activity and to restore affected DLA systems and data.
Develop countermeasures such as custom SIEM and IDS rules/signatures.
Work with DLA subscriber groups to identify operational or technical impact of an incident as well as the criticality of the system/data affected by the incident.
Assist DLA Cyber Security staff in defending DLA assets from unauthorized and malicious activity.
Provide recommendations for hunting targets within DLA's Area of Responsibility (AoR).
Use tools defined in Threat Hunting SOPs and TTPs to engage in Threat Hunting exercises at the direction of leadership.
Five (5) years relevant experience or formal related education
Must possess a current DOD Top Secret Clearance and be eligible for SCI and IT-1 access
Must possess experience working within a SIEM
Must possess experience analyzing logs from multiple sources such as system event logs, F5, Firewall, etc.
Must possess experience reviewing and analyzing network traffic through packet captures
Must possess written and verbal skills to appropriately document and brief cybersecurity incidents
Upon start of employment on contract, must meet the following DoD 8570 Baseline requirements:
IAT Level II (one of the following)
CSSP Incident Responder (AND one of the following)
CCNA Cyber Ops
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.