CyTech Services has an immediate need for a Network-based Systems Analyst - Level II to support the DHS HIRT program. This is an entry level position on a multi-year contract with growth potential.
Level II experience and education requirements:
(4-6 years network investigations experience with a High school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 2-4 years of network investigations experience)
Proficiency at level II includes all skills defined at level I in addition to the following:
Collect network intrusion artifacts (e.g., domains, URI's, certificates, etc.) and use discovered data to enable mitigation of potential Computer Network Defense incidents.
Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information
Collect network device integrity data and analyze for signs of tampering or compromise
Assist with real-time CND incident handling (i.e., forensic collections, intrusion correlation and tracking, threat analysis, and advising on system remediation) tasks to support onsite engagements
Full description of NBSA requirements on program:
The full range of Network-based Analysis Support for Cybersecurity to include:
a) Perform analysis of log files from a variety of sources (e.g., network traffic logs, firewall logs, intrusion detection system logs, Domain Name System (DNS) logs) to identify possible threats to network security.
b) Collect intrusion artifacts (e.g., domains, Uniform Resource Identifiers (URIs), certificates, etc.) and use discovered data to enable mitigation of potential CND hunts and incidents.
c) Analyze identified malicious network activity to determine weaknesses exploited, exploitation methods, effects on system and information.
d) Identify and document network based tactics, techniques, and procedures used by an attacker to gain unauthorized system access.
e) Track and document CND incidents from initial detection through final resolution.
f) Perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable incident response teams.
g) Create and disseminate technical reports in response to conducted analysis.
h) Assist with writing CND guidance and reports on incident findings to appropriate constituencies.
i) Assist with developing and maintaining SOPs.
j) Participate in inter-agency sponsored community of interest analysis groups, participate in technical briefings and exchanges.
k) Serve as technical expert and liaison to leadership, NCCIC, the IC, and law enforcement personnel explaining incident details as required.
l) Manual review network device configurations for suspicious configurations or signs of compromise.
m) Assess network topology and network device configurations identifying critical security concerns and providing network security best practice recommendations to identify critical security concerns from an architecture perspective (e.g., external internet traffic bypassing firewall boundary) and a network device configuration perspective (e.g., default administrator account on a network device).
n) Collect network device integrity data, utilizing specialized tools, to detect unauthorized access (login access, configuration changes, interface changes, physical access, unscheduled reboots, blocked attempts, downgraded encryption, etc.).
o) Collect network device integrity data, utilizing specialized tools, to detect software modifications (file verification, online/offline hash, published hashed, memory verification, firmware verification, rootkit detection).
p) Collect network device integrity data, utilizing specialized tools, to detect hardware modifications (operating statistics, network traffic analysis).
q) Support network device integrity analysis on multi-vendor products (e.g., Cisco, Juniper, HP, Dell, etc.).
r) Assist with maintaining the readiness of all fly-away kits, storage media and forensic VM analyst images.
s) Divert/deploy teams of Contractor resources to provide on-site support and assistance in the event of an exercise or cyber incident.
Work Location: Government site (Classified and Unclassified Space) in Arlington, Virginia.
Clearance Level Required: Top Secret/SCI with eligibility to receive DHS EOD