Cyber Hunt Analyst - Military veterans preferred

2019-06-13
SAIC (www.saic.com)
Full-time, employee


Fairmont
West Virginia
26554
United States

Description

Responsible for supporting the customer in cyber-threat hunting and the associated investigations, and for performing hands-on investigations that require critical thinking and a broad understanding of multiple technologies. The incumbent will support the development of presentations and reports that document findings, and will need good communication and interpersonal skills to convey those findings tactfully and at the technical level of the audience. This is an opportunity for a team player to strengthen a world-class team and learn new skills.

  • Conduct traffic collection, passive/active hunt activities and analysis for threat/intrusion detection as a member of a technical team

  • Research, identify and document adversary models for actors that could have an interest in, or target, the supported organization/site (possible intelligence sources include MITRE ATT&CK/CAR, Sqrrl, ODNI, and commercial, local, criminal and open-source intelligence (OSINT))

  • Assist in analysis tool development, configuration, implementation and use

  • Strategically place, configure and manage sensor technology

  • Advanced knowledge of traffic and packet analysis using tools such as Wireshark, tcpdump, Splunk, ELK, Bro, RSA and others

  • Intermediate knowledge of common forensics techniques, frameworks, tools and capabilities (e.g. EnCase, Volatility, Forensic Toolkit (FTK))

  • Develop, or follow existing, data analytic techniques for correlating advanced threat TTPs and indicators of compromise

  • Work extensively from the Windows and UNIX/Linux command line (e.g. PowerShell and Bash)

  • Actively hunt for threats and indicators of compromise, and assist with investigations of cyber security incidents

  • Make extensive use of the main Microsoft Office tools (Word, Excel, PowerPoint and Visio) to prepare plans, reports, diagrams, tables, briefings, etc.

  • Be able to present, demonstrate, explain and document the operational impact of intrusions or system compromises

  • Develop proof-of-concept examples and scenarios for reports and live demonstrations

  • Create and document tactics, techniques and procedures (TTPs) to train customers and team members and to expand and share knowledge

  • Critical thinking is a must

Qualifications

  • 2+ years' experience as a hands-on network/host analyst or incident response team member

  • An active SECRET clearance is required, with the ability to be cleared up to TS/SCI

  • Bachelor's degree in Engineering, Applied Science or a similar technical discipline, OR an additional 4 years' combination of education, training and experience

  • Must have thorough knowledge of networking beyond common ports and protocols

Desired Qualifications
TS/SCI Clearance is preferred

Forensics experience is preferred

GCIA, GCFE, GCFA, GNFA, GCTI or GREM certifications are a plus