Cyber Network Defense (CND) Analyst

SIEM Tools, Cyber Network Defense, Cyber Security
Full Time
Depends on Experience
Work from home not available Travel not required

Job Description

Job Title:  Cyber Network Defense (CND) Analyst
Job Location: Bolling AFB -Washington, DC
Security Clearance: TS/SCI - will need to get final adjudication for Yankee White

Certification: Current IAT Level II (Security+ce, CCNA Security, etc.) certification.  Ability to obtain DoD-8570 CSSP Analyst certification (Certified Ethical Hacker or equivalent) within 180 days of start date.

Due to the nature of the work and contract requirements, US Citizenship is required.

Job Responsibilities:

The candidate will monitor the Presidential IT Community (PITC) network using Splunk and customer provided cybersecurity tools to identify system threats and security events. The candidate will analyze events and recommend appropriate courses of action to mitigate threats and reduce risks. The candidate will coordinate with customer/DoD analysts, Executive Office of the President (EOP) analysts, and other internal and external organizations as directed by customer leadership. The candidate will follow established SOPs, and contribute to the improvement of our Tactics, Techniques and Procedures (TTPs), including operating procedures; data searches, extractions, and analysis; and dashboard presentation of event data.

CND Team duties include but are not limited to:

  • Employ advanced forensic tools & techniques for network attack reconstruction
  • Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of the PITC network
  • Correlate actionable security events to aid in the identification of threat trends and possible Advanced Persistent Threats
  • Document events in the customer’s ticketing system per established SOPs


  • Advise customer leadership, CND engineering/tool support, and other SOC analysts on a strategy to mitigate specific incidents and trending threats
  • Interface with WHCA enterprise support teams such as system admins, network admins and IA as required to investigate and/or resolve incidents and issues
  • Participate in the coordination of resources during enterprise incident response efforts
  • Interface with external entities including Secret Service, intelligence community and other government agencies as required


  • Provide support if needed for the development, implementation, integration, management, and sustainment of sensor and sensor support technologies
  • Support efforts to meet program Acceptable Levels of Performance as they relate to response time, action item tracking and security incidents, as these apply to specific responsibilities assigned to the analyst


Minimum Qualifications:

·         Hold DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)

·         Ability to obtain DoD-8570 CSSP Analyst certification (Certified Ethical Hacker or equivalent) within 180 days of start date.  Strongly preferred if candidate already has this certification.

·         Must hold TS/SCI clearance to be considered, and qualify for Presidential Support Duty (successfully pass Yankee White approval process) to start

·         Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.

·         Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.

·         Willing to perform shift work, including weekends and non-standard work hours.

Desired Qualifications:

·         CND experience (Detect, Respond, Sustain, and Hunt) within a Computer Incident Response organization.

·         Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).

·         Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.

·         Demonstrated hands-on experience analyzing network and log data (e.g. PCAP), and other attack artifacts in support of incident investigations.

·         In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk).

·         Experience and proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics.

·         Experience with malware analysis concepts and methods.

·         Scripting and programming experience (Powershell; Bash/PERL/Python scripting)

·         Motivated self-starter with strong written and verbal communication skills.


  • Preferred to have Bachelor’s in Engineer, Computer Science, IT management OR sufficient technical certifications and experience

Trace Systems

Trace Systems, headquartered in Vienna, Virginia, was founded to support and defend our nation's security interests at home and abroad–– whenever and wherever. We provide cybersecurity, intelligence, communications, networking and information technology services, systems, and solutions to the United States Department of Defense, Intelligence Community and Department of Homeland Security.


To Apply: We invite you to put your talents to work by joining a growing team of dynamic professionals here at Trace Systems! Be part of a culture at our leading edge company where you can achieve great things while fostering a satisfying and rewarding career progression. Please apply directly through the website at:      #jointracesystems


For any additional questions or to submit any referrals, please contact


Trace Systems is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Posted By

Ruth Robertson

1934 Old Gallows Rd Suite 600 Vienna, VA, 22182

Dice Id : 10240430
Position Id : 2019-3053
Originally Posted : 2 months ago
Have a Job? Post it

Similar Positions

Overnight SOC Analyst
  • Attain
  • Herndon, VA
SOC Analyst
  • Vega Consulting Solutions
  • Washington D.c., DC
Principal Cyber Network Security Analyst
  • Northrop Grumman
  • Arlington, VA
Incident Response Analyst - Tier 1
  • Leidos
  • Alexandria, VA
Tier 1 SOC Analyst
  • Apex Systems, Inc
  • Herndon, VA
Emerging Threat Analyst (Malware Triage)
  • Cornerstone RPO
  • Bowie, MD
Senior Cyber Incident Response Analyst
  • Bering Straits Native Corporation
  • Washington, DC
Tier 1 SOC Analyst
  • Base One Technologies
  • Alexandria, VA
Cyber Security Analyst Advisor - Cyber Incident Detect/Response
  • General Dynamics Information Technology
  • Washington, DC
Tier 1 SOC Engineer
  • Piper Companies
  • Sterling, VA
Cyber Manager
  • SAIC
  • Washington, DC