Computer Network Defense (CND) Analyst (Job Number: 441580)
SAIC is seeking a CND/IR Analyst to work onsite with our customer at Quantico, VA.
- Identify, collect, and analyze network and host data, and report events or incidents that occur or might occur within a network to mitigate immediate and potential network and host threats.
- Perform computer network defense (CND) incident triage, to include determining urgency and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Perform initial, forensically sound collection of images and inspect them to discern possible mitigation/remediation on enterprise systems. Perform real-time CND incident handling tasks (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs). Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Track and document CND incidents from initial detection through final resolution.
Daily activities include:
1. Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, and security robustness), collect intrusion artifacts (e.g., source code, malware, and trojans) and use discovered data to enable mitigation of potential computer network defense (CND) incidents within the enterprise.
2. Assist with analysis of actions taken by malicious actors to determine initial infection vectors, establish a timeline of activity and any data loss associated with incidents.
3. Must be experienced with programming tools such as Python and PowerShell, and able to develop scripts with scripting languages/tools. Demonstrate experience with other tools (e.g., Acunetix, Adobe, Cobalt Strike, FireEye, Fluke Networks AirMagnet, F-Response, EnCase (Guidance Software), IDA Pro, McAfee Advanced Threat Defense, NetworkMiner Professional, Palo Alto, Burp Suite Professional, Metasploit (Rapid7), RedSeal, Splunk, VMware, DomainTools, VirusTotal, Microsoft products) and operating systems (e.g., Windows Server 2008 and 2012; Linux).
4. Provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities and to make recommendations enabling remediation.
5. Experience in monitoring external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, SANS, SecurityFocus) to update the CND threat condition and determine which security issues may have an impact on the enterprise.
6. Must have experience analyzing log files, including firewall logs and intrusion detection system (IDS) logs, to identify possible threats to network security, and performing command and control functions in response to incidents.
7. Experience writing and publishing CND guidance and reports on incident findings to appropriate constituencies. Such reports detail what happened during a compromise and list the technical details (i.e., which hosts were affected, what malware was found, and what files were potentially stolen or manipulated) in a form that can be delivered to the customer or mission owner.
8. Potentially serve as technical expert and liaison to military and civilian law enforcement personnel and explain incident details as required.
- Bachelor’s degree in Computer Science/Cyber Security/Computer Information or Information Systems.
- Must have 10 years of recent work experience in Incident Response.
- Experience performing Computer Network Defense (CND) Incident Triage.
- Experience performing Incident Response as it pertains to a post exploited host/compromised network.
- Experience with forensically analyzing Microsoft Windows Operating Systems (Windows 7/10/2008R2/2012R2).
- Must have experience with forensic analysis of Linux Operating Systems.
- Experience and understanding of what and how to examine computer memory, process dumps, binary images with Open Source Software tools.
- Firm understanding of how to examine Windows and Linux host-based artifacts in the conduct of Incident Response actions.
- Must have an understanding of which artifacts to collect in order to effectively triage and identify anomalies within an Operating System.
- Must have experience with computer programming/scripting tools such as Microsoft PowerShell programming, Python, and/or Bash scripting.
- Must have an IAT Level III certification (CISSP, GCED, CASP CE, CCNP Security, CISA, GCIH).
- Experience on a Cyber Protection Team, DoD/US-CERT, or other USG Red Team.
- Experience with Big Data platforms, AI, and/or Machine Learning.
- Candidate must currently possess and be able to maintain TS/SCI.
SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC's approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see My SAIC Benefits. EOE AA M/F/Vet/Disability
Job Posting: Nov 1, 2018, 7:11:02 AM
Primary Location: United States-VA-STAFFORD
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI with Polygraph
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job