Cyberspace Ops Analyst Sr - Military veterans preferred

Description

SAIC, a leading provider of targeting & intelligence analysis, systems engineering & integration, systems development & deployment, and training capabilities and solutions for the Intelligence Community, is seeking creative and dedicated professionals to fulfill their career goals and objectives while delivering mission excellence on programs of national importance. 

 SAIC is seeking experienced Cyber Threat/Warning Analyst at multiple levels to support a program with direct impact to our country’s national security.  This position is located in Fort Meade, MD.  The position requires an active/current TS/SCI security clearance with Full Scope Polygraph and be willing and able to pass an additional polygraph as needed.

The selected candidate will be responsible for using cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity. Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate. Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses. Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

 

• Perform advanced manual analysis to hunt previously unidentified threats and conduct PCAP analysis.
• Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols and apply techniques for detecting host- and network-based intrusions.
• Have a working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
• Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
• Have familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures.
• Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
• Understand snort filters and how they are crafted and tuned to feed IDS alerting and system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.
• Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information and perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Be familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host and demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATTACK framework.
• Understand how VBS, Jscript, and Powershell can be maliciously used within a network and what level of monitoring and auditing is required to detect.
• Possess deep knowledge of active directory abuse used by attackers for lateral movement and persistence and provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures.
• Perform after-action reviews of team products to ensure completion of analysis and lead and mentor team members as a technical expert.

Qualifications

TYPICAL EDUCATION AND EXPERIENCE:

CDA1: No demonstrated experience is required. Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.

CDA2: Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required.  A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity. Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.

• One (1) year of demonstrated and practical experience in TCP/IP fundamentals.
• One (1) year of demonstrated experience with network traffic analysis tools such as Bricata, tcpdump or Wireshark.
• Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).
• Two (2) years of demonstrated experience in network analysis and threat analysis software utilization.
• Requires successful completion of the Splunk software training course "Fundamentals 1".
• Two (2) years of demonstrated experience maintaining or managing Cloud environments such as Microsoft Azure, Amazon Web Services (AWS), using tools like Microsoft Sentinel.

Additional Requirements: CDA2 (Wireless): Wireless certification similar to Certified

Wireless Network Administrator (CWNA) to GIAC Assessing and Auditing Wireless Networks

(GAWN), Certified Wireless security Professional (CWSP), Offensive Security Wireless Fidelity

(OSWP), Cisco Certified Network Associate (CCNA-Wireless), OR Cisco Certified Network Professional (CCNP-Wireless).

Additional Requirements: CDA2 (SCADA) : ICS/SCADA certification similar to Global Industrial Cyber Security Professional (GICSP) certification OR Global Response and Industrial

Defense (GRID) certification.

CDA3: Eight (8) years of demonstrated experience as a CDA in programs and contracts of similar scope, type, and complexity is required.  A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity. Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.

• Two (2) years of demonstrated and practical experience in TCP/IP fundamentals.
• Two (2) years of demonstrated experience with network traffic analysis tools such as Bricata, tcpdump or Wireshark.
• Three (3) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).
• Three (3) years of demonstrated experience in network analysis and threat analysis software utilization.
• Requires Global Information Assurances Certification (GIAC) Certified Incident Handler (GCIH) certificate or Certified Intrusion Analyst (GCIA) certificate.
• Requires successful completion of the Splunk software training course "Fundamentals 1"
• Three (3) years of demonstrated experience maintaining or managing Cloud environments such as Microsoft Azure, Amazon Web Services (AWS), using tools like Microsoft Sentinel.

Additional Requirements: CDA3 (ICS/SCADA): ICS/SCADA certification similar to Requires

Global Industrial Cyber Security Professional (GICSP) certification OR Global Response and Industrial Defense (GRID) certification.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.