Cybersecurity Analyst Security Clearance

Position: Cybersecurity Analyst with Security Clearance
Responsibilities & Qualifications RESPONSIBILITIES
* Collect and analyze network and/or host artifacts from a variety of sources to include logs, system images and packet captures to characterize activity, determine root cause, operational impact, and to enable rapid remediation and/or mitigation of cyber threats within the Enterprise Network through the investigation process.
* Perform cyber incident triage; to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation.
* Must have working knowledge of the CJCSM 6510.01B (Cyber Incident Handling Program)
* Provide expert technical support and perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support subordinate organizations and system owners.
* Manage and document cyber defense incidents from initial detection through final resolution methods.
* Maintain an average of at least two new detection use cases per month during each year of contract execution. Detection use cases shall be based on current threats, the MITRE ATT&CK framework, or Government direction.
* Maintain metadata for all detection use cases to include use case owner, number of false positives identified, number of true positives identified, and average time to execute (based on incident detection monitoring analyst feedback).
* In support of the DTRA I2TS IOC Cybersecurity department, the Cyber Security Specialist will provide the required resources and expertise to support 24x7x365 cybersecurity monitoring and response across DTRA's distributed network operations environment.
* Working with the DTRA I2TS IOC, contractor CSSP analysts and engineers shall collaborate with various teams throughout the agency to process intelligence, determine threat, develop mitigations, monitor for attacks, and assess risk while providing cyber based Situational Awareness to agency leadership and stakeholders.
* The Cyber Security Specialist will monitor computer network defense services in a manner that effectively safeguards the confidentiality, integrity, and availability of DTRA-supported network environments and Information Technology infrastructure.
* The Cyber Security Specialist will provide the required resources and expertise to ensure compliance with DoD CSSP Evaluators Securing Metrics (ESM). In addition, the Cyber Security Specialist will provide support within the existing CSSP structure which includes four simultaneously running processes tooled to assist and defend the system subscriber. The Cybersecurity Analyst is responsible for network threat monitoring across a variety of tools.

* The analyst is expected to understand how to use standard threat hunting tools to craft targeted queries to detect and monitor intrusions into the network environment. Prior experience writing and submitting detailed technical reports is required in order to submit detailed reports of how the threat was identified, confirmed, contained, and any other follow-on actions.
* The analyst must also be proficient in conducting research on threats and adversaries across various open source and government database platforms. The ability to work effectively within a team is essential, as the analyst will be required to share and discuss information discovered during the research and monitoring process. REQUIRED QUALIFICATIONS
* Must have Active DoD Top Secret clearance
* IAT Level II certification and CSSP Analyst certification (Security+ CE or better, CEH or better)
* Computing Environment certification desired (Windows 2016, Red Hat security, Splunk Power User etc.)
* Experience with open-source research, analyzing network traffic, analyzing windows logs, experience with network and host-based security systems, experience with SIEMs, basic knowledge of network topography, intermediate understanding of network protocols, and through understanding of the OSI model.
* Experience with Splunk and Trellix ESS (McAfee HBSS)
* Minimum 1 year of cyber security analyst experience DESIRED…