Computer Network Defense (CND) Analyst - Military veterans preferred
2019-01-03 SAIC (www.saic.com)
Stafford Virginia 22554 United States
SAIC is seeking a CND/IR Analyst to work onsite with our customer at Quantico, VA.
Identify, collect, and analyze network and host data, and report events or incidents that occur or might occur within a network to mitigate immediate and potential network and host threats.
Perform computer network defense (CND) incident triage, to include determining urgency and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Perform initial, forensically sound collection of images and inspect them to discern possible mitigation/remediation on enterprise systems. Perform real-time computer network defense (CND) incident handling tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs). Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts, and track and document computer network defense (CND) incidents from initial detection through final resolution.
Daily activities include:
Employ approved defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, and security robustness), collect intrusion artifacts (e.g., source code, malware, and trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise.
Assist with analysis of actions taken by malicious actors to determine initial infection vectors, establish a timeline of activity and any data loss associated with incidents.
Must be experienced with programming tools such as Python and PowerShell and able to develop scripts with scripting languages/tools. Demonstrated experience with other tools such as Acunetix, Adobe, Cobalt Strike, FireEye, Fluke Networks AirMagnet, F-Response, EnCase (Guidance Software), IDA Pro, McAfee Advanced Threat Defense, NetworkMiner Professional, Palo Alto, Burp Suite Professional, Metasploit (Rapid7), RedSeal, Splunk, VMware, DomainTools, Virus Tools, Microsoft products, and operating systems (e.g., Windows OS 2008 and 2012; Linux).
Provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities and to make recommendations enabling remediation.
Experience in monitoring external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to update the CND threat condition and determine which security issues may have an impact on the enterprise.
Must have experience analyzing log files, firewalls and firewall logs, and intrusion detection systems and IDS logs to identify possible threats to network security, and performing command and control functions in response to incidents.
Experience writing and publishing CND guidance and reports on incident findings to appropriate constituencies which detail what happened during a compromise and list the technical details (i.e., which hosts, what malware was found, what files were potentially stolen or manipulated) in a report that can be delivered to the customer or mission owner.
Potentially serve as technical expert and liaison to military and civilian law enforcement personnel and explain incident details as required.
Bachelor’s degree in Computer Science/Cyber Security/Computer Information or Information Systems.
Must have 10 years of recent work experience in Incident Response.