Address
Form of workThe mission of the Jacobs Lone Wolf Team is to support, operate, and maintain a DoD provided, integrated voice, video, and data global communications network that facilitates collaboration among senior leaders and key staff.
Candidates are expected to have a strong work ethic and possess the ability to work as a critical member of a team in pursuit of mission objectives and in support of our customers. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets. To be successful in this role, you'll be able to rapidly adapt and learn how to operate the front and back end of new products and processes.
Responsibilities:
- Use Splunk to proactively monitor and provide near real-time cybersecurity status and reports to enable timely decision-making.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
- Proactively search for threats and inspect traffic for anomalies and new malware patterns.
- Perform log analysis from a variety of sources, such as individual host, network traffic, firewall, and intrusion detection (IDS) system logs, to identify trends and abnormal behavior, correlate events, and detect tactics, techniques, and procedures (TTPs) that could pose a threat to network security.
- Investigate and analyze logs as well as provide analysis and response to alerts.
- Perform real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support incident response across Windows and Linux platforms and escalate incidents by following documented standard operating procedures.
- Produce high-quality written and verbal communications, recommendations, and findings to customer management.
- Perform critical thinking and analysis to investigate cybersecurity alerts.
- Coordinate with internal and external teams to address threats and risks.
#divergent
- Must have active TS/SCI
- At least 10 years of relevant experience
- DoDD 8140 (8570), IAT II Security certification required
- Minimum of 3 years of professional experience in cybersecurity, information risk management, or information systems risk assessment
- Must be knowledgeable in activities such as vulnerability assessment; intrusion prevention and detection; access control and authorization; policy enforcement; application security; protocol analysis; firewall management; incident response; data loss prevention; encryption; advanced threat and incident response; and web-filtering
- At least 2 years of experience working in security operations center or cybersecurity-related environment
- Possess the ability to create ad hoc SPL searches using a wide variety of sources
- Experience conducting or managing incident response and investigating targeted threats
- Understanding of system internals is required to order to implement and execute countermeasures and remediation
- Possess knowledge of network protocols (e.g. TCP/UDP, HTTP, ICMP, DNS, SMTP, etc.), network analysis tools, and ability to perform analysis of associated network logs
- Experienced with network topologies and network security devices (e.g. firewall, proxy, IDS/IPS, DNS, WAF, etc.).
- Solid understanding of cyber threats, MITRE ATT&CK framework and other TTPs
- Knowledge of current IT security best practices
- Knowledge of advanced persistent threats, their capabilities, and experience implementing appropriate countermeasures
Preferred:
- Splunk Core Certified User
- Experience with Splunk Enterprise Security
- Experience in a scripting language (e.g., Python, PowerShell, etc.)
- DoDD 8140 (8570) CSSP, CySA , CEH, or GCIH certification preferred
