Rampant Technologies, LLC.

Cyber Defense Forensics Analyst Oakridge, Tennessee or Amarillo, Texas

Rampant Technologies, LLC., Oklahoma City, Oklahoma, United States,


Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Key Skills & Experience

- 5-7 years of directly relevant experience in network investigations.
- In-depth knowledge of standard protocols: ICMP, HTTP/S, DNS, SSH, SMTP, SMB, NFS, etc.
- In-depth knowledge and experience of network topologies: DMZs, WANs, etc.
- Substantial knowledge of Splunk (or other SIEMs).
- Understanding of MITRE Adversary Tactics, Techniques and Common Knowledge (ATT&CK).
- Experience with Snort rules, YARA rules, PCAP analysis, network topologies/network architecture (TCP/IP), diagrams, TAPs, SPAN ports, mirroring, Berkeley packet filters, NetFlow, syslog, network communications protocols, regex/query/scripting languages, Python, JSON, VMware, indicators of compromise (IOCs), and RedHat/Linux use (CLI).
- Experience with reconstructing a malicious attack or activity.
- Ability to characterize and analyze network traffic, identify anomalous activity / potential threats, and analyze anomalies in network traffic using metadata.
- Demonstrated use of: Zeek/Bro, Gigamon or other packet brokers, Wireshark, ELK Stack, ArcSight, SourceFire NetWitness, Tanium, Palo Alto, tcpdump, tshark, Nagios, Suricata, Corelight, various firewalls (F/W) and router set-up/admin, domain tools (IRIS), AWS Cloud, MS Azure, Google Cloud.

Education, Certifications, & Credentials

- BS in Computer Science, Cybersecurity, Computer Engineering or a related degree.
- One or more of the following certifications: GCFA, GCFE, EnCE, CCE, CFCE, CEH, CCNA, CCSP, CCIE, OSCP, GNFA.
- Q clearance required. Candidates with TS/SCI can be transferred to Q clearance easily.
