Synergy ECP
Cyber Hunt Analyst
Synergy ECP, Columbia, Maryland, United States, 21046
Synergy ECP is a Service-Disabled Veteran-Owned Small Business (SDVOSB) that was formed in July 2007 with headquarters in Columbia, MD. We are made up of talented, dedicated staff who provide a broad range of services to the defense, intelligence, and health care industries. In an ultra-competitive environment, Synergy ECP has thrived by adhering to our name, making sure excellence is displayed by our Employees, to our Customers, and by Improving Performance (ECP). It's what sets us apart, enabling us to be an autonomous yet agile business that delivers huge results, showing we're ready to meet our customers' evolving demands. Synergy ECP has earned a client list that includes numerous Fortune 100 companies, in addition to multiple branches of the US government and military services. Synergy ECP is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, veteran status, or any other protected class.
Clearance Required: TS/SCI
Other Requirements: U.S. Citizenship
Description:
Discover and characterize network and platform anomalies, including cross-domain violations, and submit findings to the Reporting Team Lead for analysis and report generation.
Monitor, identify, and analyze anomalous network activities on various networks.
Conduct multi-source threat analyses to examine host behaviors and network traffic for high-priority malicious attacks, anomalous traffic, or other incidents of interest, and generate reports as appropriate.
Integrate Cyber Threat Intelligence to inform customers of newly discovered threats and vulnerabilities associated with the technologies used in the enterprise, for the purpose of developing hunt analytics. Any shareable vulnerability information will be made available for traditional tipping and alerting to the broader customer base.
Monitor adversarial capabilities, exploits, vulnerabilities, mitigation techniques, and best-practice information and guidance through all-source research.
Identify areas for deeper-dive analysis of threats and vulnerabilities.
Examine network topologies to understand data flows through networks and provide mechanisms to tip countermeasures.
Employ analysis and tools to discover new threat actors.
Implement the reporting guidelines outlined in applicable directives and guidance.
Conduct research and planning for strategy development in response to real-time operational requirements.
Identify and document gaps in all data (e.g., netflow, syslog) that affect the customer mission, in order to determine how to better posture mission capabilities.
Develop, document, and synchronize the recommendations and the tasking of signature and rule sets across all sensors (e.g., IDS, firewalls) used by the customer.
Knowledge of systems configuration and management of firewalls, IDS, servers, and workstations.
Experience with Red Team and/or Penetration Testing.
Knowledge of incident categories, incident responses, and timelines for responses.
Experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability of protected data.
Demonstrated experience supporting external investigations.
Familiarity with software development and network operations concepts and methodologies.
Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools such as EnCase and open-source alternatives.
Experience with the Windows and Linux operating systems.
Experience investigating malicious code.
Experience with scripting (PowerShell, Python, Java).
Desired Skills:
Tier III Analyst experience, Network Analytics, Incident Investigations, Reverse Engineering and Malware Analysis, Task Prioritization.
Strong comfort level with IPv4, TCP/IP, and RFC data, low-level networking and protocols, TCP/UDP ports for applications, and an understanding of what is normal and abnormal endpoint and on-wire activity.
Experience in a cloud environment using cloud analytics and Pig scripts/jobs to present data, and using the Hadoop Distributed File System.
Use of SIEMs or scripting to pull data into usable formats. Notification sources are Antivirus, HIDS, NIDS, IPS, and Firewalls.
Experience with Wireless and SCADA is a plus.
Ability to work extremely well under pressure while maintaining a professional image and approach.
Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause.