This position is a mix of red and blue team work but is more focused on red team/pen testing/attacking. Would like to see some scripting, custom exploits, and threat hunting. Some tools being used are Kali, Metasploit, Wireshark, and Nmap.
Position Description: The ACD Analyst will look through network flow, PCAP, logs, and sensor data for evidence of cyber-attack patterns and hunt for Advanced Persistent Threats (APTs).
• Actively hunt for Indicators of Compromise (IOCs) and APT Tactics, Techniques, and Procedures (TTPs) on the network and on hosts.
• Find evidence of attack and of the attacker's actions thereafter.
• Work with the team to produce effective countermeasures based on the evidence found, and contribute to mitigations for future attacks of a similar nature.
• Follow Security Operations Center (SOC) policies and procedures for incident reporting and management. Create a detailed Incident Report (IR) and contribute to lessons learned.
• Analyze infrastructure build sheets, the Configuration Management Database (CMDB), NIST 800-53 ATO artifacts, vulnerability scans, Access Control Lists (ACLs), and vendor documentation to thoroughly understand software behaviors and interactions.
• Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
• Study and understand protocol specifications from the IETF (RFCs), IANA (protocol registries), W3C, and other internet standards bodies in order to recognize protocol violations and security weaknesses.
• Conduct forensic testing and operational hardening of multiple OS platforms.
• Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture.
• Work with SOC shift team to help contain intrusions.
• Provide detailed requirements to team security engineers, SIEM specialists, and other team capability developers so that hunt tactics and techniques become reusable by other team analysts.
• Provide detailed input to the watch log and provide a thorough pass-down.
• Generate documentation as required by the customer.
• Thorough understanding of network protocol behaviors. Ability to understand netflow and PCAP.
• Thorough knowledge of open source tools to capture and visualize PCAP data (Wireshark, tcpdump, etc.).
• Detailed knowledge of various forms of social engineering, including the ability to recognize and handle spear-phishing campaigns or other forms of social engineering attacks.
• Comprehensive knowledge of Windows and Linux behaviors, logging, vulnerabilities, exploits, and known attacks.
• Use of IPsec packet filtering and Windows Firewall as defense-in-depth measures against network-based attacks, data corruption, data theft, credential theft, and loss of administrative control.
• Red Team/Blue Team experience from a federal agency
• Expert knowledge of network routing and switching fundamentals, including Multiprotocol Label Switching (MPLS)
• Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) and application logs, and systems design, as well as superior knowledge of technical operations processes and procedures
• Knowledge of how encryption, key management, and cryptography are applied in the enterprise and to protect data
• Understanding of Enterprise Architecture Standards such as the Department of Defense Architecture Framework (DoDAF), Service-Oriented Architecture (SOA), The Open Group Architecture Framework (TOGAF), and/or the Amazon Web Services (AWS) Well-Architected Framework
• Knowledge of the Risk Management Framework (NIST SP 800-37), the security controls described in NIST SP 800-53, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines (risk profiling, control selection, control assessment, control monitoring)
• Expertise in performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation
• Expertise in Application Penetration Testing (fuzzing, reverse engineering, Fortify or similar, IDA Pro, Kali, BackTrack, OllyDbg, SQLMap, etc.)
• Expertise in proof-of-concept exploit development
• Understanding of Secure SDLC (threat modelling, security requirements, secure design, secure implementation, secure testing, secure maintenance)
• Knowledge of Mobile Application Security and MDM sensor data
• Expertise in Embedded Device Security
• Expertise in Malware Analysis
• Organizational Skills: Proven ability to plan and prioritize work, both their own and that of the team. Follows tasks to their logical conclusion.
• Problem Solving: Natural inclination for planning strategy and tactics. Ability to analyze problems and determine root cause, generate alternatives, evaluate and select among them, and implement solutions.
• Results Oriented: Able to drive things forward regardless of personal interest in the task.
1593 Spring Hill Road, Suite 10, Vienna, VA 22182