Bristol Bay Shared Services

Defensive Counter Cyber - DCC - Senior

Bristol Bay Shared Services, San Antonio, TX


STS Systems Support, LLC (SSS) is seeking a Defensive Counter Cyber (DCC) - Senior.

Requirements:
  • DoDD 8570.01-M/8140.01 IAT Level III CND
  • Active TS/SCI
  • More than 5 years of experience with extensive knowledge of operating systems fundamentals. BA/BS or MA/MS
  • More than five (5) years of experience with extensive knowledge of operating system fundamentals (Windows and/or Unix/Linux), system administration (Windows and/or Unix/Linux), network traffic analysis, penetration testing, network security, incident response and incident handling, computer and network forensics, and vulnerability and malware analysis.
  • Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e-mail, domain controller, file server, Active Directory) and analysis of their logs
  • Extensive knowledge of digital evidence collection, handling and security
  • Experience with computer incident response and analysis and report dissemination
  • Extensive knowledge of and experience with network packet capture and analysis software such as Wireshark (formerly Ethereal) and Snort
  • Experience with standard DoD network topology and DMZ boundary protection
  • Experience with forensic analysis software (e.g., EnCase/EnCase Enterprise or FTK), software coding and debugging, and virtual machine (VM) environments.
  • Expert knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects)

Duties:

  • Perform threat hunting for suspicious activity based on anomalous activity and indicators of compromise from various intelligence sources and toolsets.
  • Comply with 3rd party MOU/MOA monitoring and reporting requirements. (CDRL A002)
  • Identify intrusions and vulnerabilities and recommend mitigation strategies and techniques to secure networks.
  • Identify, analyze and develop defensive counter cyber measures to thwart advanced persistent threats and intrusions of AF networks, domains and enclaves.
  • Conduct and support Defensive Counter Cyber Operations to interactively search for Advanced Persistent Threats (APT) and Indicators of Compromise (IOC) using enhanced data collection and analysis methods.
  • Provide incident response impact assessments.
  • Produce network security posture assessments. (CDRL A008)
  • Analyze systems for suspicious activities related to the DCO mission.
  • Determine exploitation methods and attack vectors.
  • Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
  • Create and document metrics for reporting and analysis to improve weapon system processes, procedures, and mission execution. (CDRL A009)
  • Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
  • Provide requested information to operational flight commander as it relates to the Incident Response processes and procedures.
  • Utilize the MITRE ATT&CK matrix in performance of duties.
  • Plan hypothesis-based threat hunt missions, using information provided by the Cyber Threat Intel team for threat prioritization and hunt creation.
  • Execute hunt mission within specified cyber terrain.
  • Coordinate with ESM and Content Development to automate threat hunts and/or develop standing detections for threat hunts.
  • Request Tactical Validation and Assessment (TVA) to validate hunt techniques and/or created alerting mechanisms.
  • Identify and report coverage gaps in detection and weapon system visibility/capability.
  • Develop hypothesized schemes-of-maneuver of adversary behavior as needed for hunt missions in coordination with Cyber Threat Intel team.
  • Leverage the MITRE ATT&CK matrix to map adversarial TTPs to current security coverage within specified cyber terrain.
  • Develop threat hunts for emerging cyber threats, to include 0-day proof-of-concepts, CVE exploitation, and adversary TTPs.
  • Organize and analyze collected data to determine trends, perform long-tail and frequency analysis of host and network artifacts, and baseline enterprise activity.