Bristol Bay Shared Services
Defensive Counter Cyber - DCC - Senior
Bristol Bay Shared Services, San Antonio, TX
STS Systems Support, LLC (SSS) is seeking a Defensive Counter Cyber - DCC - Senior
Requirements:
- DoD 8570.01-M/8140.01 IAT Level III CND certification
- Active TS/SCI
- BA/BS or MA/MS degree
- More than five (5) years of experience with extensive knowledge of operating systems fundamentals (Windows and/or Unix/Linux), system administration (Windows and/or Unix/Linux), network traffic analysis, penetration testing, network security, incident response and incident handling, computer and network forensics, and vulnerability and malware analysis
- Extensive knowledge of network firewalls, computer and server log analysis, computer network servers (DNS, proxy, e-mail, domain controller, file server, Active Directory) and analysis of their logs
- Extensive knowledge of digital evidence collection, handling and security
- Experience with computer incident response and analysis and report dissemination
- Extensive knowledge of and experience with network packet capture and analysis software such as Wireshark (formerly Ethereal) and Snort
- Experience with standard DoD network topology and DMZ boundary protection
- Experience with system analysis software (e.g., EnCase/EnCase Enterprise or FTK), software coding and debugging, and virtual machine (VM) environments
- Expert knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open-source projects)
Duties:
- Perform threat hunting for suspicious activity based on anomalous activity and indicators of compromise from various intelligence sources and toolsets.
- Comply with 3rd party MOU/MOA monitoring and reporting requirements. (CDRL A002)
- Identify intrusions and vulnerabilities and recommend mitigation strategies and techniques to secure networks.
- Identify, analyze and develop defensive counter cyber measures to thwart advanced persistent threats and intrusions of AF networks, domains and enclaves.
- Conduct and support Defensive Counter Cyber Operations to interactively search for Advanced Persistent Threats (APT) and Indicators of Compromise (IOC) using enhanced data collection and analysis methods.
- Provide incident response impact assessments.
- Produce network security posture assessments. (CDRL A008)
- Analyze systems for suspicious activities related to the DCO mission.
- Determine exploitation methods and attack vectors.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Create and document metrics for reporting and analysis to improve weapon system processes, procedures, and mission execution. (CDRL A009)
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Provide requested information to operational flight commander as it relates to the Incident Response processes and procedures.
- Utilize the MITRE ATT&CK Matrix in performance of duties.
- Plan hypothesis-based threat hunt missions. Utilize information provided by the current Cyber Threat Intel team for threat prioritization and hunt creation.
- Execute hunt mission within specified cyber terrain.
- Coordinate with ESM and Content Development to automate threat hunts and/or develop standing detections for threat hunts.
- Request Tactical Validation and Assessment (TVA) to validate hunt techniques and/or created alerting mechanisms.
- Identify and report coverage gaps in detection and weapon system visibility/capability.
- Develop hypothesized schemes-of-maneuver of adversary behavior as needed for hunt missions in coordination with Cyber Threat Intel team.
- Leverage the MITRE ATT&CK matrix to map adversarial TTPs to current security coverage within specified cyber terrain.
- Develop threat hunts for emerging cyber threats, including 0-day proofs of concept, CVE exploitation, and adversary TTPs.
- Organize and analyze collected data to determine trends, perform long-tail and frequency analysis of host and network artifacts, and baseline enterprise activity.