Cyber Defense Analyst Level 2 (SCADA) at IntelliGenesis – San Antonio, TX

Tasks of the role

  • Uses information from multiple sources to monitor and analyze network activity for evidence of anomalous behavior.
  • Identifies, triages, and reports events that occur to protect data, information systems, and infrastructure.
  • Finds trends, patterns, and anomalous correlations using security-relevant data.
  • Recommends proactive security measures and performs analysis to isolate indicators of compromise.
  • Informs designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents, describing the history, status, and potential impact of the incident so that further action can be taken in accordance with the organization’s cyber incident response plan.
  • Previous demonstrable experience in using software applications and databases related to network analysis and target development
  • Use cyber defense tools to monitor, detect, analyze, categorize and perform initial triage of anomalous activity
  • Generate cybersecurity cases (including event history, status and potential impact for further action) and route as needed
  • Leverage knowledge of commonly used network protocols and detection methods to defend against related exploits
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation)
  • Perform advanced manual analysis to detect previously unidentified threats
  • Perform PCAP analysis
  • Identify cyber attack phases based on knowledge of common attack vectors and network layers, models and protocols
  • Apply techniques to detect host- and network-based intrusions
  • Knowledge of enterprise level network intrusion detection/prevention systems and firewall capabilities
  • Understand the basics of a hardened Windows network and which native services and protocols are susceptible to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB)
  • Knowledge of network traffic fragmentation and how to detect and evaluate fragmentation related attacks in raw packet captures
  • Perform network, traffic, protocol, packet, and NetFlow analysis for anomalous values that may be security relevant using appropriate tools (such as Wireshark, tshark, tcpdump)
  • Understand sniffer filters and how they are designed and tuned to feed IDS alerts
  • Understand security threats and vulnerabilities for systems and applications, including buffer overflows, SQL injection, race conditions, covert channels, replay and return-oriented attacks, malicious code, and malicious scripts
  • Analyze malicious activity to determine exploited vulnerabilities, exploitation methods, and impact on the system and information
  • Perform event correlation using information collected from various sources across the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass an enterprise’s defenses from a compromised host

Required skills:

  • US citizens only
  • Active TS/SCI clearance and polygraph required
  • Minimum four (4) years of proven experience as a CDA on programs and contracts of similar size, type and complexity required. A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar size, type and complexity
  • Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. CE certification requirements can be fulfilled with Microsoft OS or CentOS/Red Hat OS CE certifications.
  • Requires successful completion of the Splunk software training “Fundamentals 1”
  • ICS/SCADA certification comparable to Global Industrial Cyber Security Professional (GICSP) certification or Global Response and Industrial Defense (GRID) certification
  • One (1) year of demonstrable and practical experience in TCP/IP fundamentals
  • One (1) year demonstrable experience with tcpdump or Wireshark
  • Two (2) years of proven experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm)
  • Two (2) years of demonstrable experience using network analysis and threat analysis software
  • Two (2) years of proven experience maintaining or managing cloud environments such as Microsoft Azure or Amazon Web Services (AWS), using tools such as Microsoft Sentinel

__________________________________________________________________________________________________

IntelliGenesis is committed to providing equal opportunities to all employees and applicants. The Company is an Equal Opportunity Employer (EOE) and as such will not tolerate discrimination, retaliation or harassment of its employees or applicants for employment based on race, color, religion, sex, sexual orientation, national origin, age, genetic information, disability or any other characteristic protected under local, state or federal law in any employment practice. Such employment practices include, but are not limited to: recruitment, promotion, demotion, transfer, solicitation or solicitation advertising, selection, disciplinary action,

IntelliGenesis is committed to fair and equal employment opportunities for individuals with disabilities. It is the Company’s policy to provide reasonable accommodation to qualified individuals with disabilities unless the accommodation would impose an unreasonable burden on the organization. In accordance with the Americans with Disabilities Act (ADA), as amended, reasonable accommodation will be provided to qualified individuals with disabilities when such accommodation is necessary to enable that individual to perform the essential functions of their employment or to enjoy the equal benefits and privileges of employment. This policy applies to all applicants for employment and all employees.
