Strategic ASI
Cyber Security Engineer-Principal
Strategic ASI, Springfield, Virginia, us, 22161
Our client is seeking a Cyber Security Engineer to join our team in the Springfield, Virginia area.
Responsibilities include, but are not limited to:Support Cyber Operations activities to publish up-to-date cybersecurity tool signatures(e.g. anti-virus and host based security systems)
Provide focused analysis, including reverse malware engineering, against intrusion,anomalies, malware, viruses to identify critical information about source, intended target,affected systems or hosts, recommended mitigation measures and risk to mission
Formulate custom Security Information and Event Management (SIEM) tool content andIDS/IPS signatures to address threats
Performs security event and incident correlation using information gathered from avariety of sources within the enterprise
Analyzes and assesses damage to the data / infrastructure as a result of cyber incidentsPerforms cyber incident trend analysis and reporting.Characterizes and performs analysis of network traffic and system data to identifyanomalous activity and potential threats to resources.
Provides detection, identification, and reporting of possible cyber-attacks/intrusions,anomalous activities, and misuse activities
Create and deploy threat-based signatures for operational intrusion detection capabilities.Create and implement detection rules from intelligence reporting
Basic Qualifications:
Minimum Education: B.S. or equivalent experience in related fieldMinimum/General Experience: 7 years of related experienceExperience with modern Windows, UNIX, network operating systems, databases, andvirtual computing
DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNA-Security)) required.
CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certificationrequired.Experience performing analysis of network traffic and correlating diverse security logs toperform recommendations for signature development
Knowledge with implementation of counter-measures or mitigating controls.Ability to support incident response and forensic operations as required to includestatic/dynamic malware analysis and reverse engineering.
Experience with enterprise security tools, including Security information and eventmanagement (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools
Experience in creating, modifying, tuning, IDS signatures/SIEM correlation searches andother detection signatures.
Proficient in Linux operating systemsAdvanced skills in Linux/Unix (command line user - proficient and used in last 6 months)Working knowledge of current COTS Cybersecurity technologies.Must be able to multi-task, work independently and as part of a team, share workloads, and deal withsudden shifts in project priorities.
Responsibilities include, but are not limited to:Support Cyber Operations activities to publish up-to-date cybersecurity tool signatures(e.g. anti-virus and host based security systems)
Provide focused analysis, including reverse malware engineering, against intrusion,anomalies, malware, viruses to identify critical information about source, intended target,affected systems or hosts, recommended mitigation measures and risk to mission
Formulate custom Security Information and Event Management (SIEM) tool content andIDS/IPS signatures to address threats
Performs security event and incident correlation using information gathered from avariety of sources within the enterprise
Analyzes and assesses damage to the data / infrastructure as a result of cyber incidentsPerforms cyber incident trend analysis and reporting.Characterizes and performs analysis of network traffic and system data to identifyanomalous activity and potential threats to resources.
Provides detection, identification, and reporting of possible cyber-attacks/intrusions,anomalous activities, and misuse activities
Create and deploy threat-based signatures for operational intrusion detection capabilities.Create and implement detection rules from intelligence reporting
Basic Qualifications:
Minimum Education: B.S. or equivalent experience in related fieldMinimum/General Experience: 7 years of related experienceExperience with modern Windows, UNIX, network operating systems, databases, andvirtual computing
DoD 8570 certification meeting IAT Level II ((GSEC, Security+, SSCP, or CCNA-Security)) required.
CNDSP-A (GCIA, GCIH, or CEH) or CNDSP-IR (GCIH, CSIH, or CEH) certificationrequired.Experience performing analysis of network traffic and correlating diverse security logs toperform recommendations for signature development
Knowledge with implementation of counter-measures or mitigating controls.Ability to support incident response and forensic operations as required to includestatic/dynamic malware analysis and reverse engineering.
Experience with enterprise security tools, including Security information and eventmanagement (SIEM), Threat intelligence platforms (TIPs), or Network monitoring tools
Experience in creating, modifying, tuning, IDS signatures/SIEM correlation searches andother detection signatures.
Proficient in Linux operating systemsAdvanced skills in Linux/Unix (command line user - proficient and used in last 6 months)Working knowledge of current COTS Cybersecurity technologies.Must be able to multi-task, work independently and as part of a team, share workloads, and deal withsudden shifts in project priorities.