Job Information

TEKsystems TO29 (Network Assurance) Cyber Analyst in Scott AFB, Illinois

Description:

This is a great opportunity for an individual looking for Red Team/Blue Team Ops:

This position is a chance to get your foot in the door of the cybersecurity world. It requires a Top Secret (TS) clearance on day one; a Secret clearance alone is not sufficient.

More junior candidates need to have more cyber on their resume. If they do not have specific cyber experience, they must have worked within IA or RMF, or have 2-3 years of network security experience, to be considered. The interview is based heavily on network security rather than cyber experience: candidates will learn the cyber side, but they have to know how the network works in order to solve problems on the DISN (Defense Information Systems Network).

From the manager: "We don't do any sort of pentesting. We are strictly Cyber Defense... we often look for red team (pentesting) on our networks, but don't engage in any of the activity ourselves.

Pentesting is often seen as the most exciting side of cyber; an overwhelming majority of the talent breaking into the field want to be pentesters. My opinion is that the defense side is more interesting. 1) Pentesters in almost every case will find a way to exploit a system (usually through email/phishing)... it's not overly difficult. Our side is like being the investigator, trying to find the activity and uncover the facts that lead to it, and finding a way to stop it from happening again. It also requires a good understanding of attacking tradecraft. 2) Many people think pentesting is hacking 24/7, when in reality it's a lot of planning leading up to a pentest, then some routine scanning, then a short amount of actual pentest, then a large amount of report writing/customer engagement."

Job Description:

Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks. Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff. Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution. Performs network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks. Reviews threat data from various sources and develops custom signatures for Open Source IDS or other custom detection capabilities. Correlates actionable security events from various sources including Security Information Management System (SIMS) data and develops unique correlation techniques. Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats. Develops analytical products fusing enterprise and all-source intelligence. Conducts malware analysis of attacker tools, providing indicators for enterprise defensive measures, and reverse engineers attacker encoding protocols. Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.

DISA is a combat support agency of the Department of Defense (DoD). The agency is composed of nearly 6,000 civilian employees; more than 1,500 active duty military personnel from the Army, Air Force, Navy, and Marine Corps; and approximately 7,500 defense contractors. The agency provides, operates, and assures command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure in direct support to joint warfighters, national level leaders, and other mission and coalition partners across the full spectrum of military operations. DISA has decided to shut down one of its facilities in Hawaii and establish those operations in Utah, which is the reason for the openings here at Scott. Leidos has won the contract and is responsible for building out this large team. The first phase of this team build out is to put this Cyber Security Team together.

These folks will be working in what is essentially a commercial SOC, but for the military/DISA. They will mostly be monitoring intrusions and escalating issues. If a candidate is more of a tier two or tier three level, they will still hire them. Show me any candidate in any pay range; they are open to senior members as well. For now, ideal candidates will be from the reserves, the National Guard, or separating from active duty.

The candidate will serve as a Cyber Operations Analyst on the DISA GSM-O program. Analysts synthesize, summarize, consolidate and share potentially malicious activities on the DoDIN with DISA and mission partner organizations by creating incident reports, wiki updates, collaboration/chat tippers and notifications, DoD incident handling database queries, metrics, and trend reports.

Requirements:

- Hold DoD-8570 IAT Level 2 baseline certification (Security+ CE, CISSP or equivalent) with the ability to obtain CND-A certification within 180 days of start date.
- Hold and maintain an active Top Secret w/ SCI eligibility.
- Hold a proficient understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
- Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
- Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
- Familiarity or experience in Intelligence Driven Defense and/or Cyber Kill Chain methodology.


Required Skills, Experience, and Education:

Basic Qualifications:

- Candidate must possess a CompTIA Security+ with Continuing Education (CE) certification.
- Experience supporting CND or related teams.
- Working CND duties (e.g., Protect, Defend, Respond, and Sustain).
- Experience working with DoD / Government leaders at all levels.
- Strong communication skills (both written and verbal).

Desired Skills:

- At least one other IA certification completed, i.e., SSCP, CSIH, GCIA, GCIH or CEH.
- UNIX administrative skills.
- Command-line scripting skills (Perl, Python, shell scripting) to automate analysis tasks.
- Knowledge of hacker tactics, techniques and procedures (TTP).
- Ability to conduct malware analysis.
- Demonstrated hands-on experience with various static and dynamic malware analysis tools.
- Knowledge of advanced threat actor tactics, techniques and procedures (TTP).
- Understanding of software exploits.
- Ability to analyze packed and obfuscated code.
- Comprehensive understanding of common Windows APIs and ability to analyze shellcode.

Typical minimum requirements: Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education, with 7 years of professional experience; or 5 years of professional experience with a related Master's degree.

Skills:

Cyber security, Network, cisco, intel*, security+, CND, Cyber Defense, Cyber Network Defense, Cyberspace Operations, Cyber Protection Team, National Mission Team, Combat Mission Team, Cyber Mission Forces, Network Defense, Network Defender #FEDTPP, Blue Team, SIEM, Cyber Hunting, cyber attack, pentester, pentest, Penetration Test, red team, leidos, DISA, STIG, RMF, ACAS, cyber analyst, cyber intelligence, cybersecurity, cybersurety, cyber surety

Top Skills Details:

1-TS Clearance and Security+ minimum

2-Cyber Network Defense/Cyber Security Experience

3-TCP/IP and Route/Switch networking basics required for interview

Additional Skills & Qualifications:

These candidates need to have a high level of professionalism as they will be working on an Active Air Force Base.

Experience Level:

Intermediate Level

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
