This opportunity is in San Antonio, TX
Let's make a positive impact on U.S. National Security!
We are building a World-Class Cyber Incident Response Center - want to be a part of it?
SecureTech Cyber Defense Analysts make a difference every day in support of the nation's Intelligence Community:
We use information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior..
We Identify, triage, and report events that occur to protect data, information systems, and infrastructure..
We find trends, patterns, or anomaly correlations utilizing security-relevant data. We recommend proactive security measures.
Our Analysts conduct analysis to isolate indicators of compromise and notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents.
As a SecureTech Cyber Defense Analyst these are the types of skills and capabilities you will use!
- Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
- Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.
- Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Perform advanced manual analysis to hunt previously unidentified threats.
- Conduct PCAP analysis.
- Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
- Apply techniques for detecting host- and network-based intrusions.
- Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
- Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
- Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures.
- Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
- Understand snort filters and how they are crafted and tuned to feed IDS alerting.
- Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.
- Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.
To get started in this exciting opportunity, you need a TS/SCI clearance with at least a CI polygraph.
- Four (4) years of demonstrated experience as Cyber Defense Analyst. (A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of experience).
- One (1) year of demonstrated and practical experience in TCP/IP fundamentals.
- One (1) year of demonstrated experience with Bricata, tcpdump or Wireshark.
- Two (2) years of demonstrated experience using security tools such as Splunk, ArcSight, Kibana, LogRhythm.
- Two (2) years of demonstrated experience maintaining or managing Cloud environments such as Microsoft Azure, Amazon Web Services (AWS), using tools like Microsoft Sentinel.
Certifications required include:
Don't have all these certs? Apply anyway! We can work with you!
DoD 8570 CSSP Analyst Baseline (CEH, CySA+, CCNA-Security, CHFI, etc)
DoD 8570 IAT Level 2 (Sec+, CySA+, CCNA-Security, etc)
DoD 8570 Computing Environment (MS Windows, Linux, CentOS, ServiceNow, etc)
SPLUNK Fundamentals 1
SCADA certification (GICSP - Global Industrial Cyber Security Professional or GRID - Global Response and Industrial Defense)
Why come to the SecureTech family?
- We really do consider employees first in decisions. It is hard enough to work through the personal/social/technical hurdles that come with your position as a cleared defense contractor - no need to fight your own employer's red tape as well.
- We offer a compensation package that is more than just commensurate with this closed contractor community. We offer generous benefits (PTO, training support, etc) in addition to the high salaries. We know that you know - salary isn't everything.
- SecureTech is an Equal Opportunity Employer – we hire the right people for the job - regardless of employment status such as female, minority, protected veterans, individuals with disabilities, etc.
Our concern is that you are qualified for the position, and that you are placed in a position in which you can be successful!
Apply now! Multiple positions are awaiting your expertise!
Resume to firstname.lastname@example.org