Cyber Network Defense Analyst II

Nightwing provides technically advanced full‑spectrums cyber, data operations, systems integration, and intelligence mission‑support services. We support a U.S. Government customer with onsite incident response for civilian agencies and critical asset owners, performing investigations to characterize breaches, develop mitigation plans, and restore services.

• Characterize and analyze network traffic to identify anomalous activity and potential threats.
• Coordinate with enterprise‑wide cyber defense staff to validate network alerts.
• Document and escalate incidents—including event history, status, and potential impact—for further action.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of alerts.
• Provide timely detection, identification, and alerting of possible attacks, intrusions, anomalous activities, and misuse, distinguishing these from benign activity.
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
• Analyze identified malicious activity to determine exploited weaknesses, exploitation methods, and effects on systems and information.
• Identify and analyze anomalies in network traffic using metadata.
• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
• Identify applications and operating systems of a network device based on network traffic.
• Reconstruct a malicious attack or activity based on network traffic.
• Identify network mapping and operating system (OS) fingerprinting activities.
• Assist in constructing signatures to be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.

• U.S. citizenship.
• Active TS/SCI clearance.
• Ability to obtain DHS Entry on Duty (EOD) Suitability.
• 5+ years of relevant experience in cyber defense analysis using leading‑edge technologies and industry‑standard cyber defense tools.
• Experience developing and deploying signatures.
• Experience detecting host and network‑based intrusions via intrusion detection technologies (e.g., Snort).
• Experience implementing incident handling methodologies.
• Experience implementing protocol analyzers.
• Experience collecting data from a variety of cyber defense resources.
• Experience reading and interpreting signatures (e.g., Snort).
• Experience performing packet‑level analysis.
• Experience conducting trend analysis.

• Python programming experience.
• Strong mathematics and science background.
• Experience with Carnegie Mellon SiLK tool suite.

BS in Computer Science, Cyber Security, Computer Engineering, or a related degree. Alternatively, a high school diploma with 7+ years of network investigations experience.

• GNFA, GCIH, GCIA, GSEC, CASP+, CySA+, PaLMS, FedVTE, GSEC (SANS
  401).
• Arcsight (or other SEIM solution), Network+, Security certifications.

Nightwing is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.