Jobs · Information Technology · Maryland

Cyber Defense Analyst 3 (CDA3) with Security Clearance

RealmOne · Baltimore, MD · 2 wk ago
Information Technology$104k/yrFull-time

About the role

The Cyber Defense Analyst 3 will utilize advanced cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity. They will generate cybersecurity cases and route them as necessary, leveraging their knowledge of network protocols and detection methods to defend against abuses. This role involves applying cybersecurity and privacy principles to organizational needs, performing advanced manual analysis to identify previously unknown threats, conducting PCAP analysis, identifying cyber-attack phases, and more.

Responsibilities

  • Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
  • Generate cybersecurity cases including event's history, status, and potential impact for further action and route as appropriate.
  • Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
  • Apply cybersecurity and privacy principles to organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation).
  • Perform advanced manual analysis to hunt previously unidentified threats.
  • Conduct PCAP analysis.
  • Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models, and protocols.
  • Apply techniques for detecting host- and network-based intrusions.
  • Work with enterprise-level network intrusion detection/prevention systems and firewall capabilities.
  • Understand the foundations of a hardened Windows network and its native services and protocols subject to abuse (RDP, Kerberos, NTLM, WMI, SMB).
  • Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation-related attacks in raw packet captures.
  • Conduct network traffic, protocol, and packet-level analysis for anomalous values that may be security-relevant using appropriate tools (Wireshark, tshark, tcpdump).
  • Understand Snort filters and how they are crafted and tuned to feed IDS alerting.
  • Understand system and application security threats and vulnerabilities, including buffer overflow, SQL injection, race conditions, covert channels, replay, and return-oriented attacks, malicious code, and malicious scripting.
  • Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Familiar with indicators of Command and Control (C2) channels and strategies attackers use to bypass enterprise defenses from a compromised host.
  • Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATT&CK framework.
  • Understand how VBS, JScript, and PowerShell can be maliciously used within a network and the level of monitoring and auditing required to detect.
  • Possess deep knowledge of Active Directory abuse used by attackers for lateral movement and persistence.
  • Provide expertise in identifying adversarial Tactics, Techniques, and Procedures (TTPs) and developing and deploying signatures.
  • Perform after-action reviews of team products to ensure analysis completion.
  • Lead and mentor team members as a technical expert.

Qualifications

  • Eight (8) years of demonstrated experience as a CDA in programs and contracts of similar scope, type, and complexity.
  • A technical bachelor's degree from an accredited college or university may substitute for two (2) years of CDA experience on projects of similar scope, type, and complexity.
  • Two (2) years of demonstrated and practical experience in TCP/IP fundamentals.
  • Two (2) years of demonstrated experience with network traffic analysis tools such as Bricata, tcpdump, or Wireshark.
  • Three (3) years of demonstrated experience using security information and event management suites (Splunk, ArcSight, Kibana, LogRhythm).
  • Three (3) years of demonstrated experience in network analysis and threat analysis software utilization.

Certifications Required

  • DoD 8570 compliance with: CSSP Analyst baseline certification.
  • Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, CentOS/Red Hat OS CE certifications.
  • Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH) certificate or Certified Intrusion Analyst (GCIA) certificate.
  • Successful completion of the Splunk software training course "Fundamentals 1."

Pay

$103,806 per year

Schedule

24x7 SHIFT - 12 hour shift

Similar jobs

Cyber Defense Analyst 3

The Swift Group, LLCAnnapolis Junction, MD· 1 wk ago
Information Technology$50k–$290k/yrapply on jobs.gem.com