GDIT is looking for a Senior Cyber Analyst who is an expert in hacker/hacktivist group capabilities and intentions, and in nation-state sponsored CNE (computer network exploitation) and CNA (computer network attack) targeting US Critical Infrastructure and Government Agencies. The Senior Cyber Analyst is also well versed in cyber security analysis and forensic investigations.
This position requires the ability to identify potential threats based on agency-utilized hardware and software and on known APT tactics, techniques, and procedures (TTPs). The Senior Cyber Analyst shall be knowledgeable of current cyber trends and incident methodologies, and well versed in the toolsets used to perform incident investigations.
The Senior Cyber Analyst responsibilities include:
• Support monitoring of all Information Assurance Devices (IADs) to identify and document all intrusions and attempted intrusions.
• Populate and maintain an intrusions database, and provide data analysis support; analyze data from sensors, network security devices and applications using the security information event management systems, log servers, application interfaces and device consoles provided.
• Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
• Recommend sound remediation and recovery strategies, suggest defensive policy enhancements and information technology procedures.
• Threat detection, Threat Hunting and trend analysis.
• Document evidence of system security compromise, generate trend reports, and collect evidence of malicious or anomalous activity.
• Report security incidents and/or network intrusions to Incident Handlers for dissemination to appropriate DOT points of contacts.
• Identify anomalous and malicious activity.
• Contribute to content creation; prioritize, rank and escalate incidents.
• Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks.
• Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations.
• Assist in producing status reports and briefs to senior leadership; provide analysis for correlated information sources.
• Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions.
• Senior Cyber Analyst must provide recommendations based on best practice and experience to develop processes that will enhance efficiencies needed to perform the above.
• Maintain situational awareness of cyber activity in the Information Technology (IT) environment by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization.
• Develop indicators of compromise and context for content creation.
• Provide forensic and network analysis.
• Any other duties as requested by the Contracting Officer Representative and SOC management.
Qualities/Additional info: Bonus for industry certifications. EnCase experience is highly desirable. The candidate should be a proven team player with excellent oral and written communication skills and attention to detail. The Senior Cyber Analyst is a self-starter with the ability to multitask and pivot with operational priorities, capable of working independently and of handling client interaction as needed.
Required Education and Experience:
Bachelor's degree in Computer Science or Information Systems.
Minimum ten (10) years of relevant professional experience, in addition to the required education or equivalent experience.
Minimum four (4) years of cyber intelligence analysis experience.
Experience with information security devices (e.g., firewalls and intrusion detection/prevention systems) and applications, such as security information management tools (e.g., NetForensics, ArcSight, Splunk).
Technical expertise in the capabilities and techniques of hacker/hacktivist groups, criminal syndicates, and advanced persistent threats conducting computer network exploitation and attacks against the U.S. government resources and critical infrastructure.
Familiar with signatures, tactics, techniques and procedures associated with preparation for and execution/implementation of such attacks.
Experience with threat analysis and threat hunting.
Experience with intelligence products.
Experience with early indications and warnings.
Experience with Open Source intelligence techniques.
Experience working in a network security incident response team, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).
Preferred experience with Splunk and EnCase.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.