Leidos is seeking a Tier 3 Malware Analyst to join our team on a highly visible cyber security single-award IDIQ vehicle that provides security operations center (SOC) support, cyber analysis, application development, and a 24x7x365 support staff.
Department of Homeland Security (DHS), Security Operations Center (SOC) Support Services is a US Government program responsible for monitoring, detecting, analyzing, mitigating, and responding to cyber threats and adversarial activity on the DHS Enterprise. The DHS SOC has primary responsibility for monitoring and responding to security events and incidents detected at the Trusted Internet Connection (TIC) and Policy Enforcement Point (PEP) and is responsible for directing and coordinating detection and response activities performed by each Component SOC. Direction and coordination are achieved through a new shared DHS incident tracking system and other means of coordination and communication.
Duties include leading, supporting, coordinating and acting as the initial point of contact for security operations floor activities. Will assist with developing, maintaining, tuning, and monitoring cyber security content for detection and prevention capabilities. Will support investigating computer and information security incidents to determine extent of compromise to information and automated information systems, providing network forensic and intrusion detection support to high technology investigations in the form of researching and maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption. In addition, the Tier 3 Analyst will lead and mentor other SOC Support Staff and will communicate with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program. The Analyst should have expertise in monitoring and detection, and incident response to support detection, containment, and eradication of malicious activities targeting customer networks.
This is a 9AM to 5PM, Monday through Friday schedule. Flexible start times are considered. Participates in a rotating on-call schedule.
Malware Analysts will:
• Work with the Incident Response team to conduct forensics on potential malware and confirm as a threat or false positive.
• If malware is confirmed, work with the Incident Response and Email teams to conduct sweeps across the federated DHS organization to eliminate the threat and update policy enforcement points
• Work with the Splunk team to implement, enhance, or change existing use cases
• Pivot on the forensic data working with the Cyber Threat Intelligence team to determine if the malware is part of a larger campaign, how DHS is being targeted and take any further remediation required
• Monitor and conduct investigations for SIEM network alerts for potential cyber intrusions
• Contribute to Incident Response investigations working with the Incident Response team
• Potentially travel to other DHS locations (1-3 times/year) to support Incident Response investigations
• Lead and mentor other SOC support staff and communicate with executive leadership regarding matters of significant importance to the DHS SOC Support Services Program
EDUCATION & EXPERIENCE:
Requires Bachelor's Degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 12+ years of prior relevant experience, or Master's with 10+ years of prior relevant experience. Without degree, 15 years of prior relevant experience in the areas of incident detection and response, malware analysis, or cyber forensics required.
Minimum of current Secret with ability to obtain TS/SCI Clearance. In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
Must have at least one of the following certifications:
SANS GIAC: GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH
ISC2: CCFP, CCSP, CISSP
CERT: CSIH
EC Council: CHFI, LPT, ECSA
Offensive Security: OSCP, OSCE, OSWP and OSEE
Defense Cyber Investigative Training Academy: FTK WFE-FTK, CIRC, WFE-E-CI, FIW
Experience in cyber government, and/or federal law enforcement. Cyber Kill Chain knowledge.