Cyber Defense Analyst Level 3 at IntelliGenesis – San Antonio, TX

Responsibilities of the role

  • Uses information from multiple sources to monitor and analyze network activity for evidence of anomalous behavior.
  • Identifies, triages, and reports events that occur to protect data, information systems, and infrastructure.
  • Find trends, patterns, and anomalous correlations using security-relevant data.
  • Advises on proactive security measures.
  • Performs analysis to isolate indicators of breach.
  • Inform designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and describe the history, status, and potential impact of the incident so that further action can be taken in accordance with the organization’s cyber incident response plan.
  • Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
  • Generate cybersecurity cases (including event history, status, and potential impact for further action) and forward as needed.
  • Use knowledge of commonly used network protocols and detection methods to defend against abuse of those protocols.
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Perform advanced manual analysis to detect previously unidentified threats.
  • Perform PCAP analysis.
  • Identify cyber attack phases based on knowledge of common attack vectors and network layers, models, and protocols.
  • Apply techniques to detect host- and network-based intrusions.
  • Knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
  • Understand the basics of a secure Windows network and which native services and protocols are susceptible to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
  • Knowledge of network traffic fragmentation and how to detect and evaluate fragmentation-related attacks in raw packet captures.
  • Perform network (traffic, protocol, and packet level) and NetFlow analysis for anomalous values that may be security relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
  • Understand how sniffer filters are created and how they are tuned to feed IDS alerts.
  • Understand security threats and vulnerabilities for systems and applications, including buffer overflows, SQL injection, race conditions, covert channels, replay and return-oriented attacks, malicious code, and malicious scripts.
  • Analyze malicious activity to determine exploited vulnerabilities, exploitation methods, and effects on the system and information.
  • Perform event correlation using information gathered from multiple sources across the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Knowledge of the indications of Command and Control (C2) channels and what strategies attackers use to bypass an enterprise’s defenses from a compromised host.
  • Demonstrate advanced knowledge of how adversaries penetrate networks and how these attacks are linked to detectable events in the ATT&CK framework.
  • Understand how VBS, JScript, and PowerShell can be used maliciously within a network and what level of monitoring and control is required to detect this.
  • Have deep knowledge of Active Directory abuse by attackers for lateral movement and persistence.
  • Provide expertise in identifying hostile tactics, techniques, and procedures (TTPs) and in developing and implementing signatures.
  • Conduct team product reviews to ensure analysis completion.
  • Lead and mentor team members as a technical expert.

Required skills:

  • US citizens only
  • Active TS/SCI clearance with polygraph required
  • A minimum of eight (8) years of demonstrable experience as a CDA on programs and contracts of similar size, type and complexity is required. A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar size, type and complexity.
  • Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. CE certification requirements can be fulfilled with Microsoft OS or CentOS/Red Hat OS CE certifications.
  • Requires successful completion of the Splunk software training “Fundamentals 1”.
  • Requires Global Information Assurance Certification (GIAC) and Global Certified Incident Handler (GCIH) certifications.
  • Two (2) years of demonstrable and practical experience with the basics of TCP/IP.
  • Two (2) years demonstrable experience with tcpdump or Wireshark.
  • Three (3) years of proven experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).
  • Three (3) years of demonstrable experience using network analysis and threat analysis software.
  • Three (3) years of proven experience maintaining or managing cloud environments such as Microsoft Azure or Amazon Web Services (AWS), using tools such as Microsoft Sentinel.

__________________________________________________________________________________________________

IntelliGenesis is committed to providing equal opportunities to all employees and applicants. The Company is an Equal Opportunity Employer (EOE) and as such will not tolerate discrimination, retaliation or harassment of its employees or applicants for employment based on race, color, religion, sex, sexual orientation, national origin, age, genetic information, disability or any other characteristic protected under local, state or federal law in any employment practice. Such employment practices include, but are not limited to: recruitment, promotion, demotion, transfer, solicitation or solicitation advertising, selection, disciplinary action,

IntelliGenesis is committed to fair and equal employment opportunities for individuals with disabilities. It is the Company’s policy to provide reasonable accommodation to qualified individuals with disabilities unless the accommodation would impose an unreasonable burden on the organization. In accordance with the Americans with Disabilities Act (ADA), as amended, reasonable accommodation will be provided to qualified individuals with disabilities when such accommodation is necessary to enable that individual to perform the essential functions of their employment or to enjoy the equal benefits and privileges of employment. This policy applies to all applicants for employment and all employees.
