Secure Innovations LLC
Cyber Defense Analyst 2
Secure Innovations LLC, Columbia, Maryland, United States, 21046
Why Work at SI?
Secure Innovations (SI)
successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber! Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."
SI was built on the principle that people matter first and foremost. SI believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.
Secure Innovations was recently awarded as
PRIME
on this mission-focused cyber program!
The
Cyber Defense Analyst 2
uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. Identifies, triages, and reports events that occur in order to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data. Recommends proactive security measures. Conducts analysis to isolate indicators of compromise. Notifies designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan. The Level 2 Cyber Defense Analyst shall possess the following capabilities:
Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity. Generate cybersecurity cases (including event's history, status, and potential impact for further action) and route as appropriate. Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses. Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Perform advanced manual analysis to hunt previously unidentified threats. Conduct PCAP analysis. Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols. Apply techniques for detecting host- and network-based intrusions. Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities. Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB). Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures. Conduct network - traffic, protocol and packet-level - and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump). Understand snort filters and how they are crafted and tuned to feed IDS alerting. Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting. Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host Qualifications: An Active Clearance w/ FS Poly is REQUIRED
Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required. One (1) year of demonstrated and practical experience in TCP/IP fundamentals and experience with network traffic analysis tools such as Bricata, tcpdump or Wireshark. Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm). Two (2) years of demonstrated experience in network analysis and threat analysis software utilization. Two (2) years of demonstrated experience maintaining or managing Cloud environments such as Microsoft Azure, Amazon Web Services (AWS), using tools like Microsoft Sentinel. Required Certifications:
Requires DoD 8570 compliance with Information Assurance Technical (IAT) Level I or Level II certification
(A+, Network+, CCNA-Security, CND, SSCP, Security+, CySA+, GSEC, etc) Requires successful completion of the Splunk software training course "Fundamentals 1"
(This is FREE and can be completed online!)
Secure Innovations (SI)
successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber! Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."
SI was built on the principle that people matter first and foremost. SI believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.
Secure Innovations was recently awarded as
PRIME
on this mission-focused cyber program!
The
Cyber Defense Analyst 2
uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. Identifies, triages, and reports events that occur in order to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data. Recommends proactive security measures. Conducts analysis to isolate indicators of compromise. Notifies designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan. The Level 2 Cyber Defense Analyst shall possess the following capabilities:
Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity. Generate cybersecurity cases (including event's history, status, and potential impact for further action) and route as appropriate. Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses. Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Perform advanced manual analysis to hunt previously unidentified threats. Conduct PCAP analysis. Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols. Apply techniques for detecting host- and network-based intrusions. Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities. Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB). Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures. Conduct network - traffic, protocol and packet-level - and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump). Understand snort filters and how they are crafted and tuned to feed IDS alerting. Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting. Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host Qualifications: An Active Clearance w/ FS Poly is REQUIRED
Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required. One (1) year of demonstrated and practical experience in TCP/IP fundamentals and experience with network traffic analysis tools such as Bricata, tcpdump or Wireshark. Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm). Two (2) years of demonstrated experience in network analysis and threat analysis software utilization. Two (2) years of demonstrated experience maintaining or managing Cloud environments such as Microsoft Azure, Amazon Web Services (AWS), using tools like Microsoft Sentinel. Required Certifications:
Requires DoD 8570 compliance with Information Assurance Technical (IAT) Level I or Level II certification
(A+, Network+, CCNA-Security, CND, SSCP, Security+, CySA+, GSEC, etc) Requires successful completion of the Splunk software training course "Fundamentals 1"
(This is FREE and can be completed online!)