General Dynamics Information Technology (www.gdit.com)
Network Based Computer Intrusion Analyst
Responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities. Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
Provides knowledge in computer and network forensics.
Develops, researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption.
Identifies, deters, monitors, and investigates computer and network intrusions.
Monitors external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of Computer Network Defense threat conditions.
Performs analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, DNS logs) to identify possible threats to network security.
Collects network intrusion artifacts (e.g., domains, URIs, certificates) and uses discovered data to enable mitigation of potential Computer Network Defense incidents.
Provides computer forensic support to high technology investigations in the form of evidence seizure, computer forensic analysis, and data recovery.
Uses current hashing algorithms to validate forensic images; diagrams networks and images servers to support digital forensics operations
Utilizes a variety of industry standard tools and techniques to collect a system’s current state data and catalog, document, extract, collect, and preserve information
Uses dynamic analysis to identify network intrusions and network monitoring tools to capture real-time traffic spawned by any running malicious code; identifies internet activity that is triggered by malware; identifies network/host-based characteristics and assists in drafting recommendations to mitigate malware effects
Provides real-time incident handling tasks as part of an incident response team
Utilizes various government and commercial resources to research known malware, define its characteristics, and report findings and mitigation recommendations to appropriate personnel
Uses prescribed methods and materials to provide basic incident response and/or technical assistance to situational response teams (e.g., scanning digital media for viruses)
Follows and understands the proper procedures to preserve chain of custody for legal review
Able to deploy to DHS customers in the field throughout the US states and territories with a 12-hour notice; surge support is required
This position could possibly be designated as critical to agency operations and may be required to be deployed as part of an Emergency Relocation Group (ERG) in conjunction with COOP deployment or emergency activation team.
Active Top Secret Security Clearance with SCI eligibility is required. In addition, must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment
5-10 years of related experience in data security administration.
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
Certifications: One or more of the following Certification(s): CompTIA Net+, CompTIA A+, CompTIA Security+, CPTE, GCIH, ECIH is preferred.