Malware Analyst SME

We are seeking an experienced Malware Senior Engineer, Subject Matter Expert to become part of the Department of State (DoS) Diplomatic Security Cyber Mission (DSCM) program to provide leading cyber and technology security experience to enable innovative, effective and secure business processes.

Location: Beltsville, MD and Rosslyn, VA. Ideally, looking for someone that can support a hybrid and flexible schedule, in the event of significant cyber incident a continuous on-site presence will be required.

Program Overview

The DSCM program encompasses cyber security, data analytics, engineering, technical, managerial, operational, logistical and administrative support to aid and advise DOS Cyber & Technology Security (CTS) Directorate. This includes protecting a global cyber infrastructure comprising networks, systems, information, and mobile devices all while identifying and responding to cyber risks and threats. Those supporting the DSCM program strive to leverage their expert knowledge and propose creative solutions to real-world cybersecurity challenges.

About the Role

• Provide static and dynamic malware analysis support in a 24x7x365 environment.
• Contribute to Shift Change Document.
• Conduct advance analysis and recommend remediation steps for cybersecurity events and incidents.
• Publish after-action reports, cyber defense techniques, guidance, and incident reports.
• Respond to and assist with the resolution of any suspected or successful cybersecurity breach or violation.
• Share knowledge and intelligence gained from cybersecurity events with stakeholders.
• Assist with training junior level analysts.
• Perform analysis of network and host logs.
• Perform network searches, artifact collection and timeline analysis using a variety of EDR tools.
• Share in-depth knowledge and intelligence gained from cybersecurity events with stakeholders.
• Protect against and prevent potential cybersecurity threats and vulnerabilities.
• Assist in the development and implementation of training programs for malware analysts.
• Review, draft, edit, update, and publish cyber incident response plans.

Qualifications:

• Bachelor’s degree and 12 years of relevant experience.
• An additional 4 years of work experience will be considered in lieu of degree.
• Ability to resolve highly complex malware and intrusion issues using computer host analysis, forensics, and reverse engineering.
• Ability to recommend sound counter measures to malware and other malicious type code and applications which exploit customer communication systems.
• Has knowledge in development of policies and procedures to investigate malware incidents for the entire computer network?
• Experience with Debuggers, Disassemblers, Unpacking Tools, and Binary analysis tools.
• Experience with static and dynamic malware analysis tools and techniques.
• Ability to identify remediation steps for cybersecurity events.
• Experience with Splunk and EDR tools such as Microsoft Defender for Endpoint (MDE), Tanium.
• Ability to analyze a variety of Operating System log types.
• Experience in the development of policies and procedures to investigate malware incidents for the enterprise network.
• Knowledge of IOCs and APT threat actors.
• Knowledge of the Incident Response Lifecycle.
• Knowledge of host and network forensic analysis.
• Demonstrated strong organizational skills.
• Proven ability to operate in a time sensitive environment.
• Proven ability to communicate orally and written; ability to brief (technical/informational) senior leadership.
• Experience collaborating with cross functional teams.
• Experience with static and dynamic malware analysis tools and techniques.
• At least ONE of the following as an active certification:
• CASP CE, CCISO, CCNA Cyber Ops, CCNA-Security, CCNP Security, CEH, CFR, CISA, CISM, CISSP (or Associate), CISSP-ISSAP, CISSP-ISSEP, Cloud , CySA , GCED, GCIA, GCIH, GICSP, GSLC, SCYBER.
• U.S. citizenship required
• An active Interim Top Secret security clearance w/ SCI eligibility.

Preferred:

• Understanding of Security Operations Center processes and workings.
• Experience with ServiceNow Ticketing Software.
• Experience in the development of policies and procedures to investigate malware incidents for the enterprise network.
• Experience handling state and national level intrusions.
• Demonstrated ability to utilize and leverage forensic tools to assist in determining scope and severity of a cybersecurity incident.
• Knowledge of high- and low-level programming.
• Experience in developing and delivering comprehensive training programs.

For any questions regarding this job announcement or the status of your application, please contact our Director of Recruiting, Mr. Brian Jennings, via email at bjennings@agr-us.com.