Wiesbaden
Job Description
Overview
This position description is subject to change at any time as needed to meet the requirements of the program or company.
The Defensive Cyber Operations (DCO) Division within the Regional Cyber Center – Europe (RCC-E) is looking for a candidate with strong scripting abilities, experience with systems security administration, and network security technologies. The Senior Threat Analyst – Assessment (DCO) will design, implement, automate, maintain, and optimize measures protecting systems, networks, and information.
Responsibilities
Major Job Activities:
Oversee the monitoring, detection, analysis, and correlation of events for potential threat activity using Security Information and Event Management (SIEM) systems, big data analytics, and other supporting platforms or applications.
Lead exploratory and in-depth analysis of network traffic from security devices, analysis of host-based audit logs, malware analysis, trending of cyber incident reports, correlation of classified and open-source threat reporting, and linkages and integration with other DCO agencies.
Investigate and identify the cause, source, and methodology of compromises or incidents.
Initiate computer incident handling procedures to isolate and investigate potential network information system compromises.
Perform trend analysis on events and incidents to identify and characterize threats.
Conduct open-source research to identify publicly available exploits and vulnerabilities (e.g. zero-day) and the required response actions.
Organize and conduct cyber hunt missions that include, but are not limited to, examining information systems, network devices, and endpoints for indicators of compromise.
Prepare formal, comprehensive reports and presentations for both technical and executive audiences.
Configure and optimize software and hardware detection and prevention capabilities.
Perform host- and network-based signature development and standardization for implementation on endpoint products or the sensor grid.
Develop, document, and refine Tactics, Techniques, and Procedures (TTPs).
Material & Equipment Directly Used:
Basic Office Equipment
Working Environment:
Normal office environment.
May require support during periods of non-traditional working hours including nights or weekends.
Physical Activities:
Must be able to lift / push / pull 40 lbs. unassisted.
Qualifications
Education / Certifications:
U.S. Citizen
Active TS / SCI level Security Clearance
Education: Bachelor of Science/Arts degree in Engineering, Computer Science, Science, Business Administration, or Mathematics, plus five (5) years of specialized experience; OR an Associate's degree plus seven (7) years of specialized experience; OR a major certification plus seven (7) years of specialized experience; OR eleven (11) years of specialized experience.
IAT Level III baseline certification (one of the following): CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, CCSP
CSSP Analyst certification (special requirement; one of the following, and it cannot be the same certification used for the baseline or specialized requirement): CFR, CCNA Cyber Ops, CCNA Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+. CEH is not accepted.
Specialized certification (one of the following, and it cannot be the same certification used for the baseline or CSSP Analyst requirement): TCM Security PNPT, Offensive Security OSCP, OSCE, GIAC GPEN, GWAPT, GAWN, GXPN, GWEB
Experience:
Experience in vulnerability assessment, penetration testing, and web application security assessments. Experience running assessments against Microsoft Active Directory and Linux environments and their associated infrastructure. Experience with penetration testing frameworks such as Metasploit, Core Impact, and/or Immunity CANVAS. Experience evaluating web servers and web applications both manually and with automated tools such as OWASP ZAP and/or PortSwigger Burp Suite. Experience with scripting languages such as Bash, Python, and/or PowerShell. Experience in report writing and articulating assessment findings to both technical and non-technical audiences.
Skills / Technology Used:
ArcSight, AESS, JRSS, IronPort, Security Onion, Gabriel Nimbus BDP
Supervisory / Budget Responsibilities:
TBD
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment, along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation, and expand our success in the global marketplace. Vectrus is an Equal Opportunity / Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status, or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.
Top Secret SCI (SSBI) (Tier 5)
Vectrus / Equal Opportunity Employer / JBVTR-33390