Cyber Hunt Analyst (Advanced Analyst)
9/18/16
ManTech (www.mantech.com)
Other
/yr
Full Time
Employee
Contractor
Huntsville
Alabama
United States
Job Duties and Responsibilities: The contractor shall support the EIX Cyber Forensic Laboratory in all efforts related to the cyber assessment team’s investigations, and other activities pursuant to and IAW DoD Directive 5205.16, DoD Instruction O-5240.21, DoD Instruction 5240.26, DoD Instruction S-5240.23, the Cyber Forensic Laboratory SOP, and other applicable policies. The contractor shall support the Defense Industrial Base cyber assessment and cyber hunt efforts for the customers entire supply chain.
Responsibilities include:
• Support the development of new cyber data analytics techniques
• Analyze threat intelligence (e.g. actors, hack tools, exploits, malware, etc.) and determine techniques, tactics, and procedures (TTPs) of Threat Actors, including detailed technical analysis of the TTPs
• Analyze events/ data feeds for event detection, correlation from monitoring solutions, triage and classify the output using automated systems for further investigation
• Translate analytical findings into security “use cases” that can be implemented within available surveillance capabilities
• Recommend improvements and assist in the setup of cyber assessments, processes, protocols, skills and tools
• Serve as a data analysis expert for output from a wide variety of digital assessment tools to include expansion into Big Data Analytics
• Analyze and report on threats based on assessment and intelligence data both internally and externally generated
• Proficient with analysis/triage of Windows malware to obtain technical indicators
• Provide detailed and accurate technical reporting of analysis results
• Using a high-level scripting/programming language to extract, de-obfuscate, or otherwise manipulate malware related data
• Providing mitigation suggestions in the context of a security incident, as it relates to the technical analysis of malware or other attack artifacts
• Providing oral briefings on complex technical subjects to senior management and other non-technical audiences
• On one hand this will be a hands-on and very technical cyber security role and on the other hand it will require good communication & relationship skills to ensure technical issues can be translated into business terms for appropriate decision making around mitigating actions by communicating findings
Position Requirements:
• Assist in discovery of cyber vulnerabilities and investigation of global cyber security incidents where required
• Assist in managing the requirements for assessment reports and interfaces with the services providers to enrich hunting efforts
• Work across multiple organizations, cultures and service providers to pull together actionable information and management information
• Must possess excellent oral and written communication skills and critical thinking
• Have 5+ years of malware analysis, reverse engineering, incident response, or other similar work experience
• Be able to recommend changes to Splunk policies, filters and rules to improve event analysis along with creating content within Splunk to find related attributes
• Familiar with various core Windows subjects, including process management experience should include analysis of network traffic and protocols
• Capable of working independently and within teams to solve problems
• Background or experience in digital forensics
• 8570 compliant - IAT Level 1 or NCD-A
• Offensive Security Certified Professional (OSCP)
To apply for this job, contact:
Human
Resources