Cyber Defense Engineer/Auditor (Red-Blue Team)

JOB DESCRIPTION:

CDO support services include continuous monitoring, data to include but not limited to network and host vulnerability scanning IDS, firewall, network sensor tuning, net flow/packet capture (PCAP). Collect and keep audit data in order to conduct a technical analysis relating to misuse, penetration, or other incidents.

Traffic analysis, vulnerability analysis, cyber threat hunting, wireless scanning, end point security analysis, vulnerability analysis, network access control, network and computer forensics investigations, insider threat support, web traffic analysis, and various cybersecurity application/tools installed on (servers, workstations, to include maintenance and upkeep of the server.

Analysis reports, forensics investigations, trend reports. Analysis reports are conducted daily, covering the Security Information and Event Manager (SIEM), end point security, network access control, and vulnerability scanners, threat hunt operations. Analysis reports are produced daily covering 30 plus activities that are used to depict current network security and any anomalous activity.

Requirements

EDUCATION REQUIREMENTS:

• Associates or Bachelor's Degree in Information Technology, Information Systems Management, Cybersecurity, or equivalent, or equivalent experience

BASIC QUALIFICATIONS:

• At least 3 Years- hands-on technical Cybersecurity Experience:
• As part of a mid to large enterprise SOC team; OR
• Experience with enterprise vulnerability management, endpoint security or web security; OR
• As part of a mid to large enterprise red team or threat hunt team
• Knowledge of computer network defense concepts, DISA Security Technical Information Guides, DoD A&A Process, NIST SP 800-53, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD Cybersecurity and Computer Network Defense policies Cybersecurity and Computer Network Defense policies
• Be able to maintain TS/SCI clearance and access to required commercial and/or DoD systems including NIPRNet, SIPRNet, and JWICS
• Forensic Engineer specific:
• Develop and maintain a forensic SOPs for conducting forensic investigations in accordance with DoD and DCSA directives and legal requirements
• Conduct computer forensic analysis with current software, tools, and systems in accordance with applicable DoD directives and CJCM 6510.
• Acquire and preserve a forensic image of data from system hard disk drives, and volatile memory to include but not limited to documents, images, email, webmail, Internet artifacts, web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, system files, executables, scripts, on workstations, laptops, servers, VDIs, external mass storage, and smartphones and tablets.
• Create a forensic exact binary duplicate of the original system or media utilizing EnCase Forensic (or similar) tool. Experience developing and reporting metrics, preferably in a near-real time dashboard or common operating picture.
• Cyber Defense Infrastructure Engineer Specific:
• Analyze impact of firewall configurations. Analyze data logs to include but not limited to servers, end point security, firewalls, web proxy, and infrastructure devices.
• Analyze user activity data from CDO tools to determine which indicators or triggers can be applied.
• This role participates in incident response, and conducts root cause analysis to recommend, test, and implement defensive changes within the infrastructure to prevent recurring events
• Experience participating in both reactive incident response and proactive threat hunting type engagements.
• Red/Blue Auditor:
• Cyber threat emulation, offensive/red team, or like type experience and mindset required.
• This role tests agency baseline configurations, defenses, and acts as an exercise force for blue team/defenders to test their response actions an drills.

Certification(s):

• IAT Level II REQUIRED
• CSSP-Auditor or CSSP-Infrastructure Support Preferred
• Active TS/SCI Clearance REQUIRED for exceptionally qualified candidates Active Secret with ability to obtain TS/SCI may be allowed

WORK ENVIRONMENT AND PHYSICAL DEMANDS:

• This is a partial Telework position
• If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection.
• Must speak English well enough to communicate complex technical ideas to a diverse customer both verbally and in written form.

Benefits

BENEFITS:

• Health, Dental, Vision, 401K Matching, AD&D Insurance