Cyber Intrusion Analyst with Security Clearance

Cyber Intrusion Analyst Location: DISA PAC SITE - Ford Island/Pearl Harbor, Hawaii Certification: Current DoD 8570 IAT Level II Certification (e.g. Sec+ CE) or higher at time of start. Current DoD 8570 CSSP Analyst Certification (e.g. CEH, CySA+), or ability to obtain one within 180 days of starting. Potential for Telework: No - 100% onsite Clearance: DoD Secret PRIMARY RESPONSIBILITIES: Perform computer network incident detection, and response activities to detect, correlate, identify and characterize anomalous activity that may be indicative of threats to the enterprise. Monitor various security tools and applications for possible malicious activities, investigate any associated alerts or indicators, and develop recommendations for a course of action, including mitigation strategies as necessary. Conduct analysis of low-level ("low and slow") events to identify unauthorized activity utilizing exploratory problem-solving or self-learning techniques. Conduct near real-time event triage and analysis, which can result in network traffic validations or a Mission Partner's incident report. Utilize formal monitoring policies and procedures that include the appropriate use of DoD-approved network monitoring and traffic analysis tools to assist with identifying suspicious, anomalous, or overtly malicious network traffic on a 24/7/365 basis. Review and analyze available logs in a timely manner to detect intruders and notify Mission Partners of activity through a formal reporting process/pending an incident report. Apply, develop, tune, and distribute or optimize new and existing countermeasures or guidance to prevent or mitigate potential cyber event impacts when possible. Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks. Understand attack signatures, tactics, techniques, and procedures associated with advanced threats. Requires good technical writing skills as each event, including the associated analysis, are documented in a ticketing system for review and action. Requires excellent communication skills as we are collocated with our customer and regular face-to-face interaction is necessary throughout the day, as well as significant coordination and communication between team members. BASIC QUALIFICATIONS: Must have an active DoD Top Secret clearance. Bachelor's Degree and 4+ years of related experience; cyber courses/certifications or DISA customer experience may be substituted in lieu of degree. Current DoD 8570 IAT Level II Certification (e.g. Sec+ CE) or higher at time of start. Current DoD 8570 CSSP Analyst Certification (e.g. CEH, CySA+), or ability to obtain one within 180 days of starting. Experience working CND duties (e.g., Protect, Defend, Respond, and Sustain). Experience working with DoD / Government Leaders at all levels. Strong computing system knowledge, particularly networking, including a knowledge of communication protocols and familiarity with common computing security elements such as IDS/IPS systems and firewalls. Experience evaluating packet captures. PREFERRED QUALIFICATIONS: Command Line Scripting skills (PERL, python, shell scripting) to automate analysis task. Knowledge of hacker tactics, techniques and procedures (TTP). Familiarity with computing security frameworks such as MITRE ATT&CK and Cyber Kill Chain. Monitoring of intrusion detection and computer defense appliances (Splunk, Elastic), applications, and analysis of associated alerts. Knowledge of advanced threat actor tactics, techniques, and procedures (TTP) Understanding of software exploits. Analyze packed and obfuscated code. For more information please Contact Us Or send an email to