Cyber Defense Analyst Level 2 - TCW

Clearance Level
Top Secret SCI + Polygraph
Category
Cyber Security
Location
Annapolis Junction, Maryland

REQ#: RQ115986

Travel Required: Less than 10%
Requisition Type: Regular

We are GDIT. We stay at the forefront of innovation to solve complex technical challenges. 

GDIT is your place. Make it your own by discovering new ways to apply the latest technology securely and expertly. Own your opportunity at GDIT and you’ll be a meaningful part of improving how agencies operate. Our work depends on a experienced Cyber Defense Analyst’s joining our team to support our Client’s activities in the Annapolis Junction area.

At GDIT, we foster a people-centric environment. As a Cyber Defense Analyst supporting our client, you will be trusted to work on very centric and cutting-edge technology. In this role, a typical day will include but not limited to:

  • Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity
  • Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate
  • Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Perform advanced manual analysis to hunt previously unidentified threats
  • Conduct PCAP analysis 
  • Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols
  • Apply techniques for detecting host- and network-based intrusions
  • Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities
  • Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB)
  • Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures
  • Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump)
  • Understand snort filters and how they are crafted and tuned to feed IDS alerting
  • Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting
  • Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host

WHAT YOU’LL NEED:

  • Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required. A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity
  • One (1) year of demonstrated and practical experience in TCP/IP fundamentals. (U) One (1) year of demonstrated experience with tcpdump or Wireshark
  • Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm)
  • Two (2) years of demonstrated experience in network analysis and threat analysis software utilization
  • Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification

WHAT GDIT CAN OFFER YOU:

  • Full-flex work week
  • 401K with company match
  • Customizable health benefits packages
  • Collaborative teams of highly motivated critical thinkers and innovators
  • Internal mobility team dedicated to helping you own your career
  • Rewards program for high-performing employees

    Not sure this job’s the one for you? Check out our other openings at gdit.com/careers.

    Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking “Share.”  *Add a share button. *


About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.