Job Summary

Battelle's Cyber team is seeking a Senior All Source Cybersecurity Analyst to work as a team member analyzing network traffic and internet metadata information, characterize and identify anomalies in network traffic, conduct Cyber Intelligence, Monitoring, and Reconnaissance (IMR) activities, identify vulnerabilities, identify indicators of compromise, and address cybersecurity issues inside and outside of a computer network. The position location is our Huntsville, AL office. Travel to Columbus OH, Chantilly VA, and/or other Customer locations may be necessary based on program or customer needs.

A Senior All Source Cybersecurity Analyst at Battelle is an expert in all-source cyber analysis. Additionally, Cybersecurity Analysts are experts in the OSI model, anatomy of an attack, network traffic characterization, and have working knowledge of various anomaly detection methods. This job is right if you have a passion for continuous research and solid understanding of networks, protocols, network flows, and cybersecurity in the form of TCP/IP, packet structure, protocol characteristics, troubleshooting anomalous network behavior, interpreting and applying internet metadata, and designing solutions with a team of experts operating in a variety of environment, e.g., mobile, deployed, fixed, cloud.

"From Silicon to Systems" - We are an elite, multi-disciplinary team, bringing together the brightest minds from physics, computer science, electrical engineering, and mathematics to develop unique cybersecurity solutions for government and industrial customers. Battelle has been trusted by elite government clients to solve some of the world's hardest security problems. We work in small agile teams to push the bounds of computing technology. Our high-powered labs include specialized software and hardware, so our engineers have everything they need to invent new cyber solutions.

We encourage new ideas with our large Internal Research and Development (IR&D) program where engineers work on projects they are passionate about. Inventors and innovators are rewarded by our industry-leading intellectual property compensation program. Our group works collaboratively with many parts of Battelle's larger organization on projects ranging from genomics to robotics.

Battelle Cyber Online
GitHub: https://github.com/Battelle
Battelle Cyber: https://www.youtube.com/watch?v=XqMuKsqH9wc

Responsibilities

• Work as a team member of multiple projects to identify anomalous behavior in network traffic.
• Provide indications and warnings (I&W) to network defenders, based on internet metadata and internal network traffic analysis.
• Interpret internet metadata and apply it to customer network traffic, providing “edge-and-beyond” analysis.
• Characterize network traffic using custom analytic tools maintained by Battelle
• Conduct large scale cyber ISR research and analysis
• Perform open source research on publicly available information (PAI) and commercial data
• Write reports to document observations, remediation, and recommended actions.
• Collaborate with other Battelle teams, e.g., sharing analysis with other Battelle teams.
• Ensure the veracity of the data being collected, and understand the various data sources.
• Research emerging trends in networking technology and related exploits.
• Provide technical and analytical briefings on assessments, testing, or experimental results to key stakeholders and leadership.

Key Qualifications

• Bachelor’s degree in STEM with 8 years’ experience, Master’s degree in related field with 5 years’ experience, or PhD with 2 years’ experience, or equivalent related work experience
• Hands on experience with commercial and open-source assessment tools, e.g., Elastic, Security Onion, Zeek, Suricata, Wireshark, Network Miner, Augury, Censys, Shodan, Virus Total, etc.
• Display understanding in the analysis of network flow, logs, and PCAP
• Understanding of networking and security concepts (e.g., TCP/IP stack, routing, firewalls, intrusion detection systems, intrusion prevention systems).
• Familiarity with IP networking concepts, e.g., virtual private networks, tunneling, layering, defense in depth.
• Understanding of commodity networking applications, e.g., DNS, Active Directory.
• Familiarity with scripting languages to facilitate tool application, e.g., PowerShell, Python, Bash.
• Ability to communicate complex analysis to teammates.
• Ability to communicate technical concepts to teammates. Interested in advanced intelligence analytic techniques.
• Prior penetration testing or red team experience favorable, but not necessary.
• Must be a sole U.S. Citizen and have the Ability to obtain and maintain a Top-Secret clearance with access to Sensitive Compartmented Information.
• Travel up to 25% of the time.

Preferred Qualifications

• Extensive experience with PCAP network flow, Zeek log data, commercial network flow.
• Experience with cyber threat intelligence data sources and analysis.
• Display experience combining all source cyber threat intelligence into deliverable and actionable information.
• Experience with applying frameworks to cyber security, e.g., MITRE ATT&CK, NIST.
• Cyber Threat Intelligence or SIGINT background favorable.