iNovex Information Systems
Cyber Defense Analyst 3
iNovex Information Systems, San Antonio, Texas, United States, 78208
Job BriefCCSP Analyst baseline certification, IAT Level I or II, CE certification.
Job DescriptionWe're searching for talented individuals who provide network monitoring in order to protect data, information systems, and infrastructure.
This program will maximize the effectiveness and efficiency of our country's most important missions both at home and abroad. If you are ready to support a high-performing team that truly makes a difference,
then come join us!
Job Description:
Uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. Identifies, triages, and reports events that occur to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data. Recommends proactive security measures. Conducts analysis to isolate indicators of compromise. Notify designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
The Level 3 Cyber Defense Network Analyst shall possess the following capabilities:
Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
Generate cybersecurity cases (including event's history, status, and potential impact for further action) and route as appropriate.
Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Perform advanced manual analysis to hunt previously unidentified threats.
Conduct PCAP analysis.
Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
Apply techniques for detecting host- and network-based intrusions.
Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures.
Conduct network - traffic, protocol and packet-level - and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
Understand snort filters and how they are crafted and tuned to feed IDS alerting.
Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.
Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.
Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATTACK framework.
Understand how VBS, Jscript, and Powershell can be maliciously used within a network and what level of monitoring and auditing is required to detect.
Possess deep knowledge of active directory abuse used by attackers for lateral movement and persistence.
Provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures.
Perform after-action reviews of team products to ensure completion of analysis.
Lead and mentor team members as a technical expert.
Qualifications:
Computing Environment (CE) certification. The CE certification requirements can be fulfilled with variations of Windows, Cisco, Linux, Microsoft, Python, Red Hat, Splunk, Kibana, Advanced Cyber Defense Course, and other OS systems.
Requires successful completion of the Splunk software training course "Fundamentals 1".
Requires Global Information Assurances Certificate (GIAC) Global Certified Incident Handler (GCIH) certification, or Certified Intrusion Analyst (GCIA) certificate.
ICS/SCADA certification similar to Global Industrial Cyber Security Professional (GICSP) certification OR Global Response and Industrial Defense (GRID) certification
Eight (8) years of demonstrated experience as a CDA in programs and contracts of similar scope, type, and complexity is required.
A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity.
Two (2) years of demonstrated and practical experience in TCP/IP fundamentals
Two (2) years of demonstrated experience with Bricata, tcpdump or Wireshark
Three (3) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm)
Three (3) years of demonstrated experience in network analysis and threat analysis software utilization
Certifications:
Requires DoD 8570 compliance with CSSP Analyst baseline certification.
Information Assurance Technical (IAT) Level I or Level II certification.
Position requires active Security Clearance with appropriate Poly
graph
Pay Range:
Competitive
The RealmOne pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package. These considerations include, but are not limited to, the extent and intricacy of the role's responsibilities, the candidate's educational background, their work experience, and the specific competencies crucial for success in the role.
RealmOne Benefits:
Healthcare Coverage + Insurance: Medical: Three (3) rich healthcare options through CareFirst with 100% or majority company-paid premiums. Tax-advantaged health savings account available with generous employer contribution. Dental + Vision: 100% employer-paid for employees and family with buy-up option available.
Retirement + Savings: 401K - 10% TOTAL CONTRIBUTION - 5% safe harbor (immediate vest) - 5% annual profit share (vesting req'd).
Paid Time Off + More: 4 weeks starting PTO - 11 federal holidays + 2 floating holidays - Paid hours for company-required training.
Career Growth + Development: Access to FREE 24/7 learning via Udemy - Opportunities to participate in tech councils, industry initiatives, etc. - $7,500 annual Educational & Professional Development Assistance.
MORE BENEFITS...FOR EVERY LIFESTYLE! - Paid parental leave - Adoption assistance - Annual swag drops - Flexible work schedules - -Generous referral bonus program - Employee appreciation + family-friendly corporate events ...and much more.
ABOUT US
RealmOne is a mid-sized science and technology company dedicated to solving our customers' toughest mission challenges.
Headquartered in Columbia, MD., RealmOne supplies advanced cybersecurity, data science and software engineering services and products to customers in the Government and commercial sectors.
RealmOne delivers encompassing mission assurance and critical systems support to government customers across various U.S. locations to include Colorado, Georgia, Hawaii, Texas, Utah, and Virginia.
RealmOne has won numerous awards, to include Top Workplaces by the Baltimore Sun. Across more than 20 prime contracts, RealmOne is a premiere innovator for the Government and Department of Defense, and our team is located across the United States.
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Job DescriptionWe're searching for talented individuals who provide network monitoring in order to protect data, information systems, and infrastructure.
This program will maximize the effectiveness and efficiency of our country's most important missions both at home and abroad. If you are ready to support a high-performing team that truly makes a difference,
then come join us!
Job Description:
Uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. Identifies, triages, and reports events that occur to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data. Recommends proactive security measures. Conducts analysis to isolate indicators of compromise. Notify designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
The Level 3 Cyber Defense Network Analyst shall possess the following capabilities:
Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
Generate cybersecurity cases (including event's history, status, and potential impact for further action) and route as appropriate.
Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Perform advanced manual analysis to hunt previously unidentified threats.
Conduct PCAP analysis.
Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
Apply techniques for detecting host- and network-based intrusions.
Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures.
Conduct network - traffic, protocol and packet-level - and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
Understand snort filters and how they are crafted and tuned to feed IDS alerting.
Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.
Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.
Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATTACK framework.
Understand how VBS, Jscript, and Powershell can be maliciously used within a network and what level of monitoring and auditing is required to detect.
Possess deep knowledge of active directory abuse used by attackers for lateral movement and persistence.
Provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures.
Perform after-action reviews of team products to ensure completion of analysis.
Lead and mentor team members as a technical expert.
Qualifications:
Computing Environment (CE) certification. The CE certification requirements can be fulfilled with variations of Windows, Cisco, Linux, Microsoft, Python, Red Hat, Splunk, Kibana, Advanced Cyber Defense Course, and other OS systems.
Requires successful completion of the Splunk software training course "Fundamentals 1".
Requires Global Information Assurances Certificate (GIAC) Global Certified Incident Handler (GCIH) certification, or Certified Intrusion Analyst (GCIA) certificate.
ICS/SCADA certification similar to Global Industrial Cyber Security Professional (GICSP) certification OR Global Response and Industrial Defense (GRID) certification
Eight (8) years of demonstrated experience as a CDA in programs and contracts of similar scope, type, and complexity is required.
A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity.
Two (2) years of demonstrated and practical experience in TCP/IP fundamentals
Two (2) years of demonstrated experience with Bricata, tcpdump or Wireshark
Three (3) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm)
Three (3) years of demonstrated experience in network analysis and threat analysis software utilization
Certifications:
Requires DoD 8570 compliance with CSSP Analyst baseline certification.
Information Assurance Technical (IAT) Level I or Level II certification.
Position requires active Security Clearance with appropriate Poly
graph
Pay Range:
Competitive
The RealmOne pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package. These considerations include, but are not limited to, the extent and intricacy of the role's responsibilities, the candidate's educational background, their work experience, and the specific competencies crucial for success in the role.
RealmOne Benefits:
Healthcare Coverage + Insurance: Medical: Three (3) rich healthcare options through CareFirst with 100% or majority company-paid premiums. Tax-advantaged health savings account available with generous employer contribution. Dental + Vision: 100% employer-paid for employees and family with buy-up option available.
Retirement + Savings: 401K - 10% TOTAL CONTRIBUTION - 5% safe harbor (immediate vest) - 5% annual profit share (vesting req'd).
Paid Time Off + More: 4 weeks starting PTO - 11 federal holidays + 2 floating holidays - Paid hours for company-required training.
Career Growth + Development: Access to FREE 24/7 learning via Udemy - Opportunities to participate in tech councils, industry initiatives, etc. - $7,500 annual Educational & Professional Development Assistance.
MORE BENEFITS...FOR EVERY LIFESTYLE! - Paid parental leave - Adoption assistance - Annual swag drops - Flexible work schedules - -Generous referral bonus program - Employee appreciation + family-friendly corporate events ...and much more.
ABOUT US
RealmOne is a mid-sized science and technology company dedicated to solving our customers' toughest mission challenges.
Headquartered in Columbia, MD., RealmOne supplies advanced cybersecurity, data science and software engineering services and products to customers in the Government and commercial sectors.
RealmOne delivers encompassing mission assurance and critical systems support to government customers across various U.S. locations to include Colorado, Georgia, Hawaii, Texas, Utah, and Virginia.
RealmOne has won numerous awards, to include Top Workplaces by the Baltimore Sun. Across more than 20 prime contracts, RealmOne is a premiere innovator for the Government and Department of Defense, and our team is located across the United States.
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.