Host Based Systems Analyst II
DigiFlight, Inc. · Columbia, MD · 2 mo ago
Information TechnologyFull-time
Responsibilities
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Coincide with enterprise-wide cyber defense staff to validate network alerts
- Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
- Perform cyber defense trend analysis and reporting
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of alerts
- Timely detect, identify, and alert of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets
- Examine network topologies to understand data flows through the network
- Identify and analyze anomalies in network traffic using metadata
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
- Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools
- Identify applications and operating systems of a network device based on network traffic
- Reconstruct a malicious attack or activity based off network traffic
- Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan
Required Skills/Clearances
- U.S. Citizenship
- Active TS/SCI clearance
- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
- 5+ years of direct relevant experience in cyber defense analysis using leading edge technologies and industry standard cyber defense tools
- Experience successfully developing and deploying signatures
- Experience detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Experience implementing incident handling methodologies
- Experience implementing protocol analyzers
- Experience collecting data from a variety of cyber defense resources
- Experience reading and interpreting signatures (e.g. snort)
- Experience performing packet-level analysis
- Experience conducting trend analysis
- BS Computer Science, Cyber Security, Computer Engineering, or related degree; or HS Diploma & 7-9 years of network investigations experience
- One or more of the following professional certifications: GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE
Desired Skills
- GSEC (SANS401)
- Arcsight (or other SEIM solution)
- Network+
- Security+
- Python programming experience
- Strong math and science background
- Experience with Carnegie Mellon SiLK tool suite
Required Education
- BS Computer Science, Cyber Security, Computer Engineering, or related degree
- or HS Diploma & 7-9 years of network investigations experience