Enterprise Cyber Operations Support – Cyber Adversary/ Insider Threat Analyst

Clearance Level
Secret
Category
Information Security
Location
Falls Church, Virginia

REQ#: RQ130839

Travel Required: Less than 10%
Requisition Type: Regular

Guard Enterprise Cyber Operations Support (GECOS) – Cyber Adversary/Insider Threat Hunter

GDIT has an opening for a CND Analyst - SOC position supporting the Army National Guard (ARNG) in Falls Church/Arlington, VA. Cyber Adversary/Insider Threat Hunter. This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services.  The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.

The Cyber Adversary/Insider Threat Hunter will:

  • Conduct proactive hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
  • knowledge of TCP/IP networking, and network services such as DNS, SMTP, DHCP, etc.
  • understanding of attacker tradecraft associated with email, app-based, cloud threats and the ability to apply defensive tactics to protect against threats.
  • knowledge of operating system internals, OS security mitigations, understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms
  • Ability to learn how to perform deep analysis of captured malicious code (e.g., malware forensics).
  • Some skill in analyzing anomalous code as malicious or benign.
  • Incorporate agile, threat intelligence-driven or hypothesis-based threat hunting, and the MITRE ATT&CK framework to identify and prioritize development of missing or ineffective detection capabilities to detect, prevent, and respond to cyber events originating from threat actors.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Supporting detection and analysis of the full spectrum of insider threats facing ARNG
  • Evaluate risks directed towards ARNGs technologies and workforce
  • Build concise, meaningful, and actionable assessments and briefings for other analyst, investigators, and key decision makers
  • Use analytics to pinpoint and prioritize threats found amongst large amounts of sensitive data from disparate data sources.
  • Focus on effectively identifying and implementing improvements to detection capabilities as well as existing mission workflows
  • Mission success or failure produces a lasting, strategic effect on ARNG, the United States, and its close allies

QUALIFICATIONS: 

Required Skills and Experience: 

  • Minimum 7 years cybersecurity experience and at least 3 years of Cyber Threat Hunt experience
  • Ability to detect and report on malicious and inadvertent Insider Threats 
  • Possess the appropriate baseline certifications to achieve DoD 8570.01-M Information Assurance Technical (IAT) Level II
  • Possess the appropriate DoD 8570.01M CSSP Analyst, Infrastructure, or Incident Responder certification
  • An active SECRET DoD clearance

Desired Skills, Certifications, and/or Experience: 

  • Automating Indicator Sharing/STIX-TAXII
  • Elastic, Logstash, & Kibana (ELK) for anomaly detection
  • Splunk User Behavior Analytics
  • Splunk Enterprise Security, Google Chronicle, Q-Radar, or ArcSight analysis
  • Ability to write custom scripts in Python, Bash, PowerShell to interact with existing or future ARNG DCO tools to aid in detection of anomalous network intrusions and/or Insider Threats
  • AESS, ACAS, Palo Alto NGFW
  • Deep Packet Capture Analysis
  • Forcepoint 

THIS POSITION ALLOWS UP TO 2 DAYS A WEEK REMOTE WORK

#GECOS

#GDITPriority


About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.