Cyber Defense Analyst III

Essential Job Functions

• Use information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior.
• Identify, triage and report events that occur in order to protect data and information systems.
• Recommend proactive security measures.
• Notify stakeholders of suspected incidents, articulating technical information surrounding the suspected incident.
• Implement mitigations in accordance with cyber incident response plan.
• Conduct PCAP analysis.
• Perform advanced manual analysis to hunt previously unidentified threats.
• Demonstrated ability to analyze and identify network and host-based security threats.
• Understanding of snort filters and their use in IDS alerts.
• Understanding of network hardening methodologies.
• Working knowledge of enterprise-level IDS/IPS and firewall topologies.
• Provide subject matter expert (SME)-level analysis of advanced adversarial Tactics, Techniques and Procedures (TTPs).
• Develop and deploy effective threat identifying signatures and countermeasures to various sensors and intrusion prevention systems.
• Lead and mentor team members as a technical expert.

• Due to the nature of this position and the information that employees will be required to access, U.S. Citizenship is required.
• Required Security Clearance: TS/SCI with FS Poly.
• Required High School Diploma.
• 8 years of demonstrated experience as a Cyber Defense Analyst. 2 years of experience can be substituted by a technical Bachelor’s Degree.
• Two years of experience with TCP/IP.
• Two years of experience with tcpdump or Wireshark/tshark.
• Requires GIAC Global Certified Incident Handler (GCIH) certification.