Global Engineering & Technology, Inc.
Cyber Defense Analyst / Mostly Remote
Global Engineering & Technology, Inc., Washington, District of Columbia, us, 20022
Security Clearance: This position requires a current DOE Q or DoD Top Secret security clearance.
THIS IS A MOSTLY-REMOTE POSITION WITH SOME TRAVEL. Most of the work will be performed remotely, from the employee's place of residence. Pre-planned travel to Oak Ridge, Tennessee, for on-site interaction, support, and training will be required up to 15% of the time.

Global Engineering and Technology (GET) is seeking qualified applicants for the position of Cyber Defense Analyst to join our mission as part of a cybersecurity team supporting a sensitive national security site belonging to the United States Department of Energy (DOE). This is a highly compensated, high-responsibility technical guidance position that is central to our mission's success.
Compensation Range: $135,000 - $150,000 / Year

The Cyber Defense Analyst (CDA) uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.

Responsibilities:
- Develop content for cyber defense tools
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Coordinate with enterprise-wide cyber defense staff to validate network alerts
- Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
- Perform cyber defense trend analysis and reporting
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
- Provide daily summary reports of network events and activity relevant to cyber defense practices
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
- Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
- Examine network topologies to understand data flow through the network
- Identify applications and operating systems of a network device based on network traffic
- Reconstruct a malicious attack or activity based on network traffic
- Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan

Requirements

Security Clearance: This position requires a current DOE "Q" or DoD, DHS, or IC "Top Secret" security clearance.
Required experience:
- 5 years of hands-on cyber defense analysis executing the responsibilities described in the bullet points above
- Proven experience in notifying designated managers, cyber incident responders, and cybersecurity service provider team members of suspected security incidents and communicating the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan

Required knowledge (as demonstrated by technical expertise and certification):
- Computer networking concepts and protocols, and network security methodologies
- Cyber threats and vulnerabilities
- Authentication, authorization, and access control methods
- Cyber defense and vulnerability assessment tools and their capabilities
- Host/network access control mechanisms (e.g., access control lists, capabilities lists)
- Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
- Incident response and handling methodologies
- Intrusion detection methodologies and techniques for detecting host- and network-based intrusions
- Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Network access, identity, and access management
- Network traffic analysis methods
- Operating systems
- System and application security threats and vulnerabilities
- Virtual Private Network (VPN) security
- What constitutes a network attack and a network attack's relationship to both threats and vulnerabilities
- Insider Threat investigations, reporting, investigative tools, and laws/regulations
- Adversarial tactics, techniques, and procedures
- Network tools (e.g., ping, traceroute, nslookup)
- The common attack vectors on the network layer
- Signature implementation impact for viruses, malware, and attacks
- Windows/Unix ports and services
- The use of sub-netting tools
- Operating system command-line tools
- Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
- Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Required skills (as demonstrated by technical expertise and certification):
- Developing and deploying signatures
- Detecting host- and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Using incident handling methodologies
- Recognizing and categorizing types of vulnerabilities and associated attacks
- Reading and interpreting signatures
- Performing packet-level analysis
- Ability to analyze malware
- Conducting vulnerability scans and recognizing vulnerabilities in security systems
- Accurately and completely sourcing all data used in intelligence, assessment, and/or planning products
- Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Applying techniques for detecting host- and network-based intrusions using intrusion detection technologies
- Interpreting the information collected by network tools (e.g., Nslookup, Ping, and Traceroute)
- Excellent report writing and presentation skills with the ability to explain technical details in a concise, understandable manner

Benefits

We provide exceptional benefits to our full-time employees (a spouse/family coverage option is available at a company-subsidized rate). Benefits include:
- Medical Plan Options With UnitedHealthcare
- Dental Insurance
- Long-term and Short-term Disability Insurance
- Life Insurance
- AD&D Insurance
- Generous 401(k) Match

All benefits are effective on day one of employment.

Global Engineering & Technology, Inc. (GET) does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.