Dec 20, 2017
Computer Forensic & Intrusion Analyst (060)
Network Engineer (CISSP, CCNA)
Location: Linthicum, MD
Clearance: TS or TS/SCI with CI poly preferred
Certifications: (any): CISSP, CEH, Security+, SANS Certification(s), Network+, CCNA
Language: Mandarin Chinese
•10-14 years of professional experience with a Bachelor's in Information Technology or Information Security, Computer Science, Intelligence Studies, Cyber Security or another related field of study or equivalent 3+ years performing technical cyber threat intelligence analysis.
•Proficient: Network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, malware types), intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch) and open source information collection, Domain Name Service records.
•Cyber Threat Intelligence principles, indicator of compromise (IOC) types, indicator pivoting and indicator attribution strength.
•Understanding of the US Intelligence Community and how cyber intelligence organizations work when conducting cyber threat analysis
•Performing NETFLOW and PCAP analysis using common analysis tools (examples include Wireshark, Splunk, ChopShop, Dshell, Network Miner, Moloch, etc).
•Proficient at sessionizing PCAP data, identifying and decoding protocols, extracting files, and applying standard filters such as Berkeley Packet Filter (BPF).
•Strong proficiency in report writing - a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting
•Apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask why, defend your analysis, and apply attribution to cyber threat activity.
•Make confidence-based assessments for purposes of attribution based on their technical analysis of network traffic, multi-source data, malware and system forensic analysis, identify analytic bias.
•Build intrusion related data visualizations, perform analysis (i.e., using I2 Analyst Notebook, Netviz, Palantir, etc)
•Present technical information and analysis to groups up to 50 persons on a quarterly basis, brief smaller groups up to 10 persons on a weekly basis.
•Self-starter with the ability to proactively engage and develop relationships with intrusion set subject matter experts and analyst counterparts across the US Intelligence and Law Enforcement communities
•Chinese Mandarin language, ILR 3/3 level of general proficiency (or equivalent certified language training standard) with a test date in the last 3 years
•Formal training as an intelligence analyst in any discipline - graduate of US Govt intelligence analysis course: CAC, IBC, Kent School, IC 101, Analysis 101, Army, Navy, Air Force, etc
•Applying Kill Chain analysis, Cyber Intelligence Preparation of the Environment (CIPE) modeling, or Diamond modeling of cyber threat activity
•AN Certification as CISSP, CEH, Security+, SANS certification(s), Network+, CCNA
•Advanced NETFLOW and PCAP Analysis
•Advanced Data Visualization proficiency leveraging COTS/GOTS tools
•Technical Skills proficiency: Python language, encryption technologies/standards
•Intermediate malware analysis or digital computer forensics experience
•Cyber related Law Enforcement or Counterintelligence experience
•Existing Subject Matter Expert of Advanced Persistent Threat activity
•COTS/Open Source tools: Novetta Cyber Analytics, Mitre ChopShop and/or ARL DSHELL
Analyst experience in Federal Cyber Center, NSA, or Corporate CIRT