Mar 12, 2018
Network Cyber Engineer (060)
Location: Linthicum, MD
Certifications Desired: CISSP, CEH, Security+, SANS, Network+, CCNA
Clearance: TS/SCI CI Poly preferred - Not Necessary to start
• 10-14 years BS Information Technology, Information Security, Computer Science, Intelligence Studies, Cyber Security, 3+ years Cyber threat intelligence analysis.
• Network Communication, TCP/IP protocols, System Administration, malware communication, installation, types
• Good background in computer network defense operations (proxy, firewall, IDS/IPS, router/switch) and open source information collection, Domain Name Service records.
• Cyber Threat Intelligence principles, compromise (IOC) types, indicator pivoting, indicator attribution strength.
• Understanding US Intel Community, how cyber intelligence organizations work conducting cyber threat analysis
• Performing NETFLOW and PCAP analysis using common analysis tools (Wireshark, Splunk, ChopShop, Dshell, Network Miner, Moloch, etc).
• Proficient sessionizing PCAP data, identifying, decoding protocols, extracting files, applying standard filters, Berkeley Packet Filter (BPF).
• Report writing - Writing sample, editing test required if candidate has no prior published intelligence analysis reporting
• Apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask why, defend your analysis, apply attribution to cyber threat activity.
• Make confidence-based assessments for attribution based on their technical analysis of network traffic, multi-source data, malware and system forensic analysis, identify analytic bias.
• Build intrusion data visualizations, perform analysis (I2 Analyst Notebook, Netviz, Palantir, etc)
• Present technical information and analysis to groups up to 50 persons on a quarterly basis, brief smaller groups up to 10 persons on a weekly basis.
• Self-starter, ability to engage/develop relationships with intrusion set SMEs, analyst counterparts across the US Intel and Law Enforcement communities
• Chinese Mandarin language, ILR 3/3 level (equivalent certified language training) with a test date within the last 3 years
• Formal training as Intel Analyst. IE: Graduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etc
• Applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity
• AN Certification as CISSP, CEH, Security+, SANS certification(s), Network+, CCNA
• Advanced NETFLOW and PCAP Analysis
• Advanced Data Visualization proficiency leveraging COTS/GOTS tools
• Technical Skills: Python language, encryption technologies/standards
• Intermediate malware analysis or digital computer forensics experience
• Cyber related Law Enforcement or Counterintelligence exp.
• SME of Advanced Persistent Threat activity
• COTS/Open Source tools: Novetta Cyber Analytics, Mitre ChopShop and/or ARL DSHELL
• Analyst experience in Federal Cyber Center, NSA, or Corporate CIRT