Leidos has a current job opportunity for a Cyber Intrusion Analyst who will be a member of the Network Assurance (NA) Team (DISA GSM-O program) and will lead/support NA Activities within PACOM AOR in Pearl Harbor, Hawaii.
Work closely with Government counterparts to provide guidance within the CND-SP area. Provide CND reports, trends, responses, mitigations, analysis and information dissemination. Provide C2 support and situational awareness support, and provide leadership and support for all CND-applicable activities within Protect, Detect, Respond, and Sustain. Work as a technical leader within the CSSP Team, responsible for maintaining the integrity and security of enterprise-wide systems and networks. Provide technical leadership to CND Teams supporting security initiatives through predictive and reactive analysis, and by articulating emerging trends to leadership and staff.
• Maintain integrity and security of enterprise-wide cyber systems and networks.
• Coordinate resources during enterprise incident response efforts.
• Employ advanced forensic tools and techniques for attack reconstruction.
• Support internal investigations as forensic SME.
• Perform network traffic analysis as it pertains to the Cybersecurity of communications networks.
• Review threat data and develop custom signatures for Open Source IDS or other custom detection capabilities. Correlate actionable security events from various sources.
• Understand attack signatures, tactics, techniques and procedures associated with advanced threats.
• Develop analytical products fusing enterprise and all-source intelligence.
• May conduct malware analysis of attacker tools and reverse engineer attacker encoding protocols.
• Support teams within a performance-based environment with pre-determined Acceptable Levels of Performance (ALPs).
• Support the development, documentation and tracking of measurements and metrics relevant to the ALPs.
• Interface with Government counterparts, both CONUS & OCONUS, along with Leidos and sub team members.
• Monitor the implementation of IAVAs.
• De-conflict component & information specific IAVA guidance.
• Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, IPS and custom sensor output, as it pertains to the cybersecurity of communications networks.
• Correlate actionable security events from various sources, including Security Information Management System (SIMS) data, and develop unique correlation techniques.
• Utilize knowledge of attack signatures, tactics, techniques and procedures to aid in the detection of zero-day attacks.
• Interface with external entities including law enforcement, intelligence community & other government agencies.
• Provide limited analysis of incidents for the customers by: determining the incidents' nature and formulating responses; identifying and providing the ability to surge during emergencies; correlating event and incident data; determining possible effects on the DISN, customer networks and other organizations.
• Review threat data from various sources and aid in the development of custom signatures for Open Source and COTS IDS.
• Assess server security posture.
• Ensure security plan compliance.
• Ensure configuration changes do not adversely impact the server security.
• Monitor customer networks.
• Provide user administration & logistics support.
• Install, configure & monitor CND security-relevant network components.
• Perform infrastructure monitoring and performance assessment, and new requirements analysis and support.
• Active DoD Top Secret Clearance.
• Bachelor's Degree and 4+ Years of Experience (Cyber courses/certifications or DISA customer experience may be substituted in lieu of degree).
• DoD-8570 IAT Level 2 baseline certification (Security+ CE, CISSP or equivalent).
• Experience supporting and/or leading CND or related teams.
• Experience working CND duties (e.g., Protect, Defend, Respond, and Sustain).
• Experience working with DoD / Government Leaders at all levels.
• IAM Level III Certification (GSLC, CISM, CISSP).
• At least one other IA certification completed, i.e., SSCP, CSIH, GCIA, GCIH or CEH.
• UNIX Administrative skills.
• Command-line scripting skills (Perl, Python, shell scripting) to automate analysis tasks.
• Knowledge of hacker tactics, techniques and procedures (TTP).
• Be able to conduct malware analysis.
• Demonstrated hands-on experience with various static and dynamic malware analysis tools.
• Knowledge of advanced threat actor tactics, techniques and procedures (TTP).
• Understanding of software exploits.
• Ability to analyze packed and obfuscated code.
• Comprehensive understanding of common Windows APIs and ability to analyze shellcode.
External Referral Eligible