Cyber Defense Analyst / Mostly Remote

Security Clearance:

This position requires a current DOE Q or DoD Top Secret security clearance.

THIS IS A MOSTLY-REMOTE POSITION WITH SOME TRAVEL.

In its majority, work will be performed remotely, from the employee's place of residence. Pre-planned travel to Amarillo, Texas, for on-site interaction, support, and training will be required up to 15% of the time.

Global Engineering and Technology (GET) is seeking qualified applicants for the position of Cyber Defense Analyst to join our mission as part of a cybersecurity team supporting a sensitive national security site belonging to the United States Department of Energy (DOE). This is a highly compensated, high-responsibility technical guidance position that is central to our mission's success.

Compensation Range: $135,000 - $150,000 / Year

The Cyber Defense Analyst (CDA) uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.

Responsibilities:

• Develop content for cyber defense tools
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
• Coordinate with enterprise-wide cyber defense staff to validate network alerts
• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
• Perform cyber defense trend analysis and reporting
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
• Provide daily summary reports of network events and activity relevant to cyber defense practices
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
• Examine network topologies to understand data flow through the network
• Identify applications and operating systems of a network device based on network traffic
• Reconstruct a malicious attack or activity based off of network traffic
• Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan

Requirements

Security Clearance:

This position requires a current DOE "Q" or DoD, DHS, or IC "Top Secret" security clearance.

Required experience:

• 5 years of hands-on cyber defense analysis executing the responsibilities described in the bullet points above
• This position requires proven experience in notifying designated managers, cyber incident responders, and cybersecurity service provider team members of suspected security incidents and communicating the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.

Required knowledge (as demonstrated by technical expertise and certification):

• Computer networking concepts and protocols, and network security methodologies
• Cyber threats and vulnerabilities
• Authentication, authorization, and access control methods
• Cyber defense and vulnerability assessment tools and their capabilities
• Host/network access control mechanisms (e.g., access control list, capabilities lists)
• Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
• Incident response and handling methodologies
• Intrusion detection methodologies and techniques for detecting host and network-based intrusions
• Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
• Network access, identity, and access management
• Network traffic analysis methods
• Operating systems
• System and application security threats and vulnerabilities
• Virtual Private Network (VPN) security
• What constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
• Insider Threat investigations, reporting, investigative tools and laws/regulations
• Adversarial tactics, techniques, and procedures
• Network tools (e.g., ping, traceroute, nslookup)
• The common attack vectors on the network layer
• Signature implementation impact for viruses, malware, and attacks
• Windows/Unix ports and services
• The use of sub-netting tools
• Operating system command-line tools
• Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
• Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Required skills (as demonstrated by technical expertise and certification):

• Developing and deploying signatures
• Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
• Using incident handling methodologies
• Recognizing and categorizing types of vulnerabilities and associated attacks
• Reading and interpreting signatures
• Performing packet-level analysis
• Ability to analyze malware
• Conduct vulnerability scans and recognize vulnerabilities in security systems
• Accurately and completely source all data used in intelligence, assessment and/or planning products
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Apply techniques for detecting host and network-based intrusions using intrusion detection technologies
• Interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute)
• Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner

Benefits

We provide exceptional benefits to our full-time employees (spouse/family coverage option is available at a company-subsidized rate).

Benefits include:

• Medical Plan Options With UnitedHealthcare

• Dental Insurance
• Long-term and Short-term Disability Insurance
• Life Insurance
• AD&D Insurance
• Generous 401(k) Match

All benefits are effective on day one of employment.

Global Engineering & Technology, Inc. (GET) does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.