Responsibilities Include:
- Conduct technical analysis of network traffic to identify anomalies, which may represent potentially malicious activity, and document the analysis in prescribed formats
- Monitor and understand emerging threats on open source, defined as those technical vulnerabilities and exploits that could present a threat to government networks, analyze tools and exploits, and document the analysis in prescribed formats
- Monitor IDS/IPS alerts, analyze associated network traffic, and document the analysis in prescribed formats
- Report detected incidents to agencies, work toward resolution, escalate when required according to SOP
- Development of IDS/IPS signatures based on indicators and analysis
- Testing of IDS/IPS signatures to determine successful detection and level of false positives
- Deployment of IDS/IPS signatures based on SOPs
- Conduct technical analysis of data from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities
- Assist with the development of mitigation strategies
- Coordinate, communicate, and share information with CS&C and NCCIC components
- Deploy to provide on-site support and assistance in the event of an exercise or cyber incident
- Identify and document network-based tactics, techniques, and procedures used by an attacker to gain unauthorized system access
- Participate in inter-agency sponsored community of interest analysis groups, technical briefings, and exchanges
- Assist with developing and maintaining Standard Operating Procedures
- Support the collection and reporting of performance metrics
Requirements that candidates will be evaluated against:
- Active TS clearance with ability to receive DHS SCI and EOD (current approved DHS EOD preferred)
- Advanced skills in developing IDS signatures and ability to conceptualize IDS signatures from otherwise disparate information
- Highly proficient in working with SNORT IDS software
- In-depth understanding of SOC/NOC operations
Preferred Qualifications or Skills:
- DODD 8570 Level II certification (SANS certifications, CISSP)
- Experience leading and managing within SOC/NOC operations
- Familiarity with Kill Chain for incident response
- Familiarity with malware analysis
- Familiarity with forensics
- Familiarity with incident response products and best practices
- Experience with database (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint)
- Customer service experience