Wiesbaden
Job Description
Overview
This position description is subject to change at any time as needed to meet the requirements of the program or company.
The Defensive Cyber Operations (DCO) Division within the Regional Cyber Center – Europe (RCC-E) is looking for a candidate with strong scripting abilities, experience with systems security administration, and network security technologies. The Senior Cyber Threat Analyst (DCO) will design, implement, automate, maintain, and optimize measures protecting systems, networks, and information.
Responsibilities
Major Job Activities:
Oversee monitor, detect, analyze, and correlate events for potential threat activity utilizing Security Information Event Management (SIEM) systems, Big Data Analytics, and other supporting platforms or applications.
Lead exploratory and in-depth analysis of network traffic from security devices, analysis of host-based audit logs, malware analysis, trending of cyber incident reports, correlation of classified and open-source threat reporting, and linkages/integration with other DCO agencies.
Investigate and identify the cause, source, and methodology of compromises or incidents.
Initiate computer incident handling procedures to isolate and investigate potential network information system compromises.
Perform trend analysis on events and incidents to identify and characterize threats.
Conduct open-source research to identify commercial exploits or vulnerabilities (i.e. Zero – Day) required response actions.
Organize and conduct Cyber hunt missions that include, but are not limited to, examining information systems, network devices, and endpoints for indicators of compromise.
Prepares formal comprehensive reports and presentations for both technical and executive audiences.
Configure and optimize software and hardware detection and prevention capabilities.
Perform host and network base signature development and standardization for implementation on end-point products or sensor grid.
Develop, document, and refine Tactics, Techniques, and Procedures (TTP).
Material & Equipment Directly Used:
Basic office equipment.
Working Environment:
Normal office environment.
May require support during periods of non-traditional working hours including nights or weekends.
Physical Activities:
Must be able to lift / push / pull 40 lbs. unassisted.
Qualifications
Education / Certifications:
U.S. Citizen
Active TS / SCI level Security Clearance.
Education: Bachelor of Science / Arts Degree in Engineering or Computer Science or Science or Business Administration or Mathematics, plus five (5) years of specialized experience; OR an Associate’s Degree plus seven (7) years of specialized experience; OR a major certification plus seven (7) years of specialized experience; OR 11 years of specialized experience.
IAT III Certification: (one of the following): CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, CCSP
Special Requirement Certification CSSP Analyst (one of the following and cannot be the same as baseline certification or specialized certification): GCIA or GCIH or CySA+
Specialized Certification (one of the following and cannot be the same as baseline certification or CSSP Analyst): Any of the following GIAC GNFA, GCTI, GDSA, GCDA, GREM, DCITA CIRC, FIWE, Offensive Security OSDA
Experience:
Experience in performing threat analysis of computer vulnerability advisories, current network penetration techniques, and threat reports to determine security concerns and design improvements to strengthen the computer network’s defensive posture. Expert level knowledge of network logs such as but not limited to firewall, PCAP, NetFlow, Zeek, DNS, and web proxy. Experience in reviewing and correlating alerts, user activity, and network traffic data for anomalous activity or other indications of real or potential violations. Ability to review network diagrams and topologies to determine potential vulnerabilities and logging gaps. Ability to analyze RAM and Microsoft System Dumps for anomalous and malicious activity. Develop and distribute cyber threat awareness products which articulates findings to both technical and non-technical audiences.
Skills / Technology Used:
ArcSight, AESS, JRSS, IronPort, Security Onion, Gabriel Nimbus BDP
Supervisory / Budget Responsibilities:
TBD
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.
Top Secret SCI (SSBI) (Tier 5)
Vectrus / Equal Opportunity Employer / JBVTR-33391
JBVTR
Top Secret, CLZTT, SKINT, SKCYB, JBVTR SKUUU, Wiesbaden Wiesbaden ZC ZCCX
