Cyber Intel Analyst

Clearance Level
Information Security
Lanham, Maryland

REQ#: RQ84320

Travel Required: Less than 10%
Public Trust: MBI Full 5C (T3)
Requisition Type: Regular

Location (Country): Internal Revenue Service :: Lanham, MD - USA

• Threat Intel Analyst will be part of a fast paced, highly skilled team that provides analysis to real-time event data to detect, analyze and respond to security incidents.
• Candidate will need to be able to document and communicate effectively with customers and internal teams, assist in the investigation of events and follow-up with corrective actions and reporting with respect to Cyber Intel.
• Candidates should have an investigative mindset that allows them to draw technical conclusions as to why activity is occurring and provide a rapid, but accurate, response to the emerging threats and trends.

Position Objectives:
• Perform audit trail and real-time analysis on activity related to standing and emerging cyber threats, perform predictive analysis based on credible active internet threats, and implement defense security protocols to defend the Service network.
• Identify, track, and analyze Intel threat related information that effects networked environments.
• Accurately document the TTPs and mitigation strategies for reference and collaboration with other organization.

Essential duties:
• Gather Threat Intel information and properly translate that information to federal data network defenses
• Document trends and events into database for tracking.
• Conduct incident handling of cyber threats, and assist in the intrusion detection/analysis/response efforts associated with the activity, and convey risk current posture to the environment.

Required skills:
• Confident and effective communication skills regarding security concerns, issues and events
• Technical across a broad range of network, command line scripting, computing, storage, & encryption methodologies.
• In depth understanding of the network protocols and experience troubleshooting and experience reading network packet captures
• Understanding and applied experience with NIX & Microsoft operating system platforms
• Experience and ability to conduct detailed network forensic analysis of multiple devices and operating systems.
• Experience in programming using shell scripts, PERL, Ruby, and/or Python along with the ability to understand, modify, and compile some source code for intrusion testing and developing defensive measures.
• Experience analyzing events from Intrusion Detection Systems (Snort, Sourcefire, Cisco, etc) and Firewall logs (iptables), System Logs (Event Logs, Security, syslog, etc).
• Conduct internal and external incident response functions, coordinating such with outside agencies to provide detailed reports on results of findings and analysis.
• Strong oratory and electronic communications ability to effectively communicate with customers.
• Desire and ability to maintain focus while analyzing complex log algorithms

Desired skills:
• Historical experience with daily monitoring of vendor and other security alerts (CERT, SANS, BugTraq)
• Experience reading and writing Intrusion Detection Signatures and other Network Intrusion Detection Systems.
• Experience and knowledge of modern encryption methods and implementation with web and internet-based security systems
• Ability to train and present security events and incidents to all levels within the organization.
• Basic navigation and querying in SPLUNK
• Utilize creative methods to monitor, identify and mine trends and incidents within extremely large datasets through statistical and/or automated fashions
• Support an environment for learning and sharing with other analysts and security professionals within the organization on the trends of attack
• Writing white papers or building presentations that can be published/presented internally or to external entities.

Education or Equivalent Experience: Certification or specialized training desired:
• SANS GCIA, GCIH, GCED and/or GCFA Certifications preferred.
• tcpdump/Wireshark/TCP/IP Analysis, IDS (Snort/FirePower),
• Incident Handling and Response
• Training/Knowledge of NIDS, Network Scanners, Snort, Sourcefire
• Bachelor’s Degree in Computer Science, Computer Engineering or Mathematics and 5 years of professional IT security analysis experience or 8 years of professional IT security analysis.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.