Cyber Defense Analyst III

San Antonio, TX

Essential Job Functions

  • Use information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. 
  • Identify, triage and report events that occur in order to protect data and information systems. 
  • Recommend proactive security measures. 
  • Notify stakeholders of suspected incidents, articulating technical information surrounding the suspected incident. 
  • Implement mitigations in accordance with the cyber incident response plan.
  • Conduct PCAP analysis. 
  • Perform advanced manual analysis to hunt previously unidentified threats. 
  • Demonstrated ability to analyze and identify network and host-based security threats. 
  • Understanding of Snort filters and their use in IDS alerts.
  • Understanding of network hardening methodologies. 
  • Working knowledge of enterprise-level IDS/IPS and firewall topologies. 
  • Provide subject matter expert (SME)-level analysis of advanced adversarial Tactics, Techniques and Procedures (TTPs). 
  • Develop and deploy effective threat-identifying signatures and countermeasures to various sensors and intrusion prevention systems.
  • Lead and mentor team members as a technical expert. 

Minimum Required Qualifications

  • Due to the nature of this position and the information that employees will be required to access, U.S. Citizenship is required.
  • Required Security Clearance: TS/SCI with FS Poly.
  • Required High School Diploma.
  • 8 years of demonstrated experience as a Cyber Defense Analyst. 2 years of experience can be substituted by a technical Bachelor’s Degree. 
  • Two years of experience with TCP/IP. 
  • Two years of experience with tcpdump or Wireshark/tshark. 
  • Requires GIAC Global Certified Incident Handler (GCIH) certification.
