4 Cyber Defense Analyst with Security Clearance Jobs in Fort Meade, MD
SORT BY
C
P
P
L
Cyber Defense Analyst with Security Clearance
$81k-105k (estimate)
Other
1 Week Ago
Prime Time Consulting is Hiring a Cyber Defense Analyst with Security Clearance Near Fort Meade, MD
Prime Time Consulting provides clients with expert intelligence analysis services. Our clients include defense contractors, industrial and service corporations, and departments and agencies of the U.S. Federal Government. We are actively searching for Cyber Defense Analyst's (CDAs), located in Maryland, to support our team. We have varying levels of CNDAs, depending on years of experience and education. ESSENTIAL JOB DUTIES
Uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior.
Identifies, triages, and reports events that occur in order to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data.
Recommends proactive security measures.
Conducts analysis to isolate indicators of compromise.
Notify designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber intrusion The Cyber Defense Analyst shall possess the following capabilities:
Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.
Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Perform advanced manual analysis to hunt previously unidentified threats.
Conduct PCAP analysis.
Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
Apply techniques for detecting host- and network-based intrusions.
Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures. Cyber Defense Analyst Level 1 Qualifications: No demonstrated experience is required.
Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification Cyber Defense Analyst Level 2 Qualifications: Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required. A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity.
One (1) year of demonstrated and practical experience in TCP/IP fundamentals.
One (1) year of demonstrated experience with tcpdump or Wireshark.
Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).
Two (2) years of demonstrated experience in network analysis and threat analysis software utilization.
Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification Cyber Defense Analyst Level 3 Qualifications: Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.
Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Perform advanced manual analysis to hunt previously unidentified threats.
Conduct PCAP analysis.
Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
Apply techniques for detecting host- and network-based intrusions.
Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentationrelated attacks in raw packet captures.
Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
Understand snort filters and how they are crafted and tuned to feed IDS alerting.
Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.
Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.
Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATTACK framework.
Understand how VBS, Jscript, and Powershell can be maliciously used within a network and what level of monitoring and auditing is required to detect.
Possess deep knowledge of active directory abuse used by attackers for lateral movement and persistence.
Provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures.
Perform after-action reviews of team products to ensure completion of analysis.
Lead and mentor team members as a technical expert.
Uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior.
Identifies, triages, and reports events that occur in order to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data.
Recommends proactive security measures.
Conducts analysis to isolate indicators of compromise.
Notify designated managers, cyber incident responders, and cybersecurity service provider team member of suspected cyber intrusion The Cyber Defense Analyst shall possess the following capabilities:
Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.
Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Perform advanced manual analysis to hunt previously unidentified threats.
Conduct PCAP analysis.
Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
Apply techniques for detecting host- and network-based intrusions.
Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentation related attacks in raw packet captures. Cyber Defense Analyst Level 1 Qualifications: No demonstrated experience is required.
Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification Cyber Defense Analyst Level 2 Qualifications: Four (4) years of demonstrated experience as CDA in programs and contracts of similar scope, type, and complexity required. A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of CDA experience on projects of similar scope, type, and complexity.
One (1) year of demonstrated and practical experience in TCP/IP fundamentals.
One (1) year of demonstrated experience with tcpdump or Wireshark.
Two (2) years of demonstrated experience using security information and event management suites (such as Splunk, ArcSight, Kibana, LogRhythm).
Two (2) years of demonstrated experience in network analysis and threat analysis software utilization.
Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification Cyber Defense Analyst Level 3 Qualifications: Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.
Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Perform advanced manual analysis to hunt previously unidentified threats.
Conduct PCAP analysis.
Identify cyber-attack phases based on knowledge of common attack vectors and network layers, models and protocols.
Apply techniques for detecting host- and network-based intrusions.
Working knowledge of enterprise-level network intrusion detection/prevention systems and firewall capabilities.
Understand the foundations of a hardened windows network and what native services and protocols are subject to abuse (such as RDP, Kerberos, NTLM, WMI, and SMB).
Familiarity with fragmentation of network traffic and how to detect and evaluate fragmentationrelated attacks in raw packet captures.
Conduct network – traffic, protocol and packet-level – and netflow analysis for anomalous values that may be security-relevant using appropriate tools (such as Wireshark, tshark, tcpdump).
Understand snort filters and how they are crafted and tuned to feed IDS alerting.
Understand system and application security threats and vulnerabilities to include buffer overflow, SQL injection, race conditions, covert channel, replay and return-oriented attacks, malicious code and malicious scripting.
Analyze malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Familiar with indications of Command and Control (C2) channels and what strategies attackers use to bypass enterprise defenses from a compromised host.
Demonstrate advanced knowledge of how adversaries penetrate networks and how those attacks map to detectable events across the ATTACK framework.
Understand how VBS, Jscript, and Powershell can be maliciously used within a network and what level of monitoring and auditing is required to detect.
Possess deep knowledge of active directory abuse used by attackers for lateral movement and persistence.
Provide expertise in the identification of adversarial Tactics, Techniques, and Procedures (TTPs) and in the development and deployment of signatures.
Perform after-action reviews of team products to ensure completion of analysis.
Lead and mentor team members as a technical expert.
Job Summary
JOB TYPE
Other
SALARY
$81k-105k (estimate)
POST DATE
05/03/2024
EXPIRATION DATE
05/20/2024
Show more
Similar Jobs
Popular Articles
Top 10 Things to Avoid Putting on a Job Application
Read Article
How to Describe Your Education in a Resume
Read Article
How to Write a Memorable Cover Letter in 5 Ways
Read Article
4 Personal Finance Tips to Make During Job Transition
Read Article
4 Best Camera Setups for Interview
Read Article
Keeping a Job Search Journal: 9 Types of Journaling You Can Do
Read Article
