CYBERSECURITY SIGNATURE ANALYST WITH SECURITY CLEARANCE
Strategic ASI
St. Louis MO 63101 US
Our client is seeking a Cybersecurity Signature Analyst: Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model, will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means such as: reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Teaming exercises, and continuously validating Defensive Countermeasures already deployed. What You'll Get to Do:
* Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develop or tune rules/signatures/scripts as needed;
* Coordinates with other Cybersecurity Operations to develop or tune rules/signatures/scripts;
* Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on NGA systems, and develop or tune rules/signatures/scripts as needed;
More About the Role:
* Correlates and analyzes precursors to incidents, and develop or tune rules/signatures/scripts as needed;
* Improve SIEM alert efficiency though evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed;
* Assists the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise;
* Documents all work in the authorized ticketing system with a sufficient level of detail to ensure the Government and other contract services can systematically reconstruct the analysis;
* Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report;
You'll Bring These Qualifications:
* Must be a US Citizen with an Active TS/SCI.
* 8+ years of related advanced cyber security analytics work experience.
* Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
* Experience with data mining or building queries in a SIEM.
* Strong understanding of signature development and tuning.
* Strong understanding of network protocols and analysis with protocol analyzers.
* Knowledge of static file signatures, i.e. magic numbers and how it applies to developing countermeasures for files in transit and that reside locally on a host.
* Good working knowledge of regular expressions.
* Preferred Skills:
* Comfortable in a hex editor.
* Ability to write python/bash/powershell scripts.
* Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
* Good understanding of Purple Team Tactics.
* Analyzes trends and patterns of data on NGA networks to identify and predict previously undiscovered events and incidents, and develop or tune rules/signatures/scripts as needed;
* Coordinates with other Cybersecurity Operations to develop or tune rules/signatures/scripts;
* Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on NGA systems, and develop or tune rules/signatures/scripts as needed;
More About the Role:
* Correlates and analyzes precursors to incidents, and develop or tune rules/signatures/scripts as needed;
* Improve SIEM alert efficiency though evaluation of valid alerts and false positives, and develop or tune rules/signatures/scripts as needed;
* Assists the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise;
* Documents all work in the authorized ticketing system with a sufficient level of detail to ensure the Government and other contract services can systematically reconstruct the analysis;
* Provide input to the daily CSOC Significant Activity Report, the daily CSOC Operations Update, and the Weekly CSOC Status Report;
You'll Bring These Qualifications:
* Must be a US Citizen with an Active TS/SCI.
* 8+ years of related advanced cyber security analytics work experience.
* Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
* Experience with data mining or building queries in a SIEM.
* Strong understanding of signature development and tuning.
* Strong understanding of network protocols and analysis with protocol analyzers.
* Knowledge of static file signatures, i.e. magic numbers and how it applies to developing countermeasures for files in transit and that reside locally on a host.
* Good working knowledge of regular expressions.
* Preferred Skills:
* Comfortable in a hex editor.
* Ability to write python/bash/powershell scripts.
* Ability to analyze each use case, as it pertains to detection logic, and identify the corresponding capability.
* Good understanding of Purple Team Tactics.