Logo
Strategic ASI

Strategic ASI is hiring: Cybersecurity Signature Analyst in Springfield

Strategic ASI, Springfield, VA, United States, 22161

Our client is seeking a Cybersecurity Signature Analyst:

Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model, will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means such as: reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Teaming exercises, and continuously validating Defensive Countermeasures already deployed.

What You'll Get to Do:

  • Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develop or tune rules/signatures/scripts as needed;
  • Coordinates with other Cybersecurity Operations to develop or tune rules/signatures/scripts;
  • Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on NGA systems, and develop or tune rules/signatures/scripts as needed;

More About the Role:
  • Correlates and analyzes precursors to incidents, and develop or tune rules/signatures/scripts as needed;
  • Improve SIEM alert efficiency though evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed;
  • Assists the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise;
  • Documents all work in the authorized ticketing system with a sufficient level of detail to ensure the Government and other contract services can systematically reconstruct the analysis;
  • Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report;

You'll Bring These Qualifications:
  • Must be a US Citizen with an Active TS/SCI.
  • 8+ years of related advanced cyber security analytics work experience.
  • Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
  • Experience with data mining or building queries in a SIEM.
  • Strong understanding of signature development and tuning.
  • Strong understanding of network protocols and analysis with protocol analyzers.
  • Knowledge of static file signatures, i.e. "magic numbers" and how it applies to developing countermeasures for files in transit and that reside locally on a host.
  • Good working knowledge of regular expressions.
  • Preferred Skills:
  • Comfortable in a hex editor.
  • Ability to write python/bash/powershell scripts.
  • Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
  • Good understanding of Purple Team Tactics.