Location - Charleston, SC


Position Description:

The candidate will identify, isolate, investigate, report on, and implement measures to detect and protect data across a wide spectrum of sources and locations. The candidate is required to validate suspicious events or reports and determine whether the event constitutes an incident. The candidate will serve as the Subject Matter Expert for all network-related activity in support of incident response and monitoring functions. Position roles and responsibilities include the following:

  • Conduct analysis of network activity across a wide array of technologies and platforms
  • Analyze malicious campaigns and evaluate the effectiveness of current countermeasures
  • Compile detailed investigation and analysis reports
  • Provide expert analytic investigative support of security incidents
  • Develop and tune advanced Indicators of Compromise to detect adversary actions
  • Maintain familiarity with CJCSM 6510.01B
  • Compile and maintain internal standard operating procedure (SOP) documentation
  • Ensure associated documentation and capabilities remain compliant with CJCSM 6510.01B and other applicable policy directives
  • Provide network intrusion detection and monitoring, correlation analysis, incident response, and support for the Cyber Security Service Provider (CSSP) and its subscriber sites
  • Participate in program reviews, product evaluations, and onsite certification evaluations


Qualifications:

  • Department of Defense Directive (DoDD) 8140 Information Assurance Technical (IAT) level II or III Certification
  • DoDD 8140 CSSP Incident Responder Category certification
  • Expert knowledge of TCP/IP network protocols
  • Experience creating advanced Splunk queries and reports
  • Ability to read and interpret firewall and netflow logs
  • Expertise in working with PCAP and accompanying tools
  • Experience in task automation and programming (e.g. Python, Bash, PowerShell)
  • Strong knowledge of the Linux command line
  • Excellent oral and written communication skills


Preferred/Desired Skills:

  • Bachelor's degree or higher from an accredited university or technical college in Cybersecurity, Computer Science, Information Systems, or another related scientific or technical discipline
  • 3-5 years' experience in a Cyber Security Service Provider (CSSP) environment or similar area
  • Experience with Suricata / Snort signature creation, implementation, and configuration
  • Experience with Bro signature creation, implementation, and configuration
  • Experience with Fidelis / Sourcefire network appliances