Trace Systems

Returning Candidate?

CND Analyst

CND Analyst

Job ID 
2017-1926
# of Openings 
1
Job Locations 
US-DC-Washington
Posted Date 
8/11/2017
Category 
Information Technology

More information about this job

Overview

Trace Systems, headquartered in Vienna, Virginia, was founded in 1999 to support and defend our nation's security interests at home and abroad–– whenever and wherever. We provide cybersecurity, intelligence, communications, networking and information technology services, systems, and solutions to the United States Department of Defense, Intelligence Community and Department of Homeland Security.
 
 
Job Title:  CND Analyst

Job Location: Washington, DC

Security Clearance: TS/SCI - position is contingent upon final adjudication for Yankee White

Job Responsibilities

The candidate will correlate actionable security events, perform network traffic analysis using raw packet data, net flow, IDS, IPS and custom sensor output as it pertains to the cyber security of communications networks, and participate in the coordination of resources during incident response efforts. The candidate will assess threats and risks to DoD Information Network (DoDIN) and recommend appropriate courses of action to mitigate threats and reduce risks. Analysts will leverage additional data sets including Host Based Security System (HBSS), Sensage and Splunk, network sniffers and DISA Community Data Center (CDC) tools, or other tools as directed by Government Site leadership.
 
CND Team duties include but are not limited to:
 
Detect:

  • Employ advanced forensic tools & techniques for network attack reconstruction
  • Perform network traffic analysis utilizing raw packet data, net flow, IDS, IPS and custom sensor output, as it pertains to the cyber security of communications networks
  • Correlate actionable security events from various sources, including Security Information Management System (SIMS) data & develop unique correlation techniques
  • Utilize knowledge of attack signatures, tactics, techniques and procedures to aid in the detection of Zero-Day attacks

 
Response:

  • Participate in the coordination of resources during enterprise incident response efforts
  • Interface with external entities including law enforcement, intelligence community & other government agencies
  • Provide limited analysis of incidents for the customers by: determining the incidents‘ nature and formulating responses; identifying & providing the ability to surge during emergencies; correlating event & incident data; determining possible effects on the DISN, customer networks & other organizations

 
Sustain:

  • Review threat data from various sources & aid in the development of custom signatures for Open Source & COTs IDS
  • Provide CND server admin & maintenance of the EMS workstations, servers, intrusion detection systems, and other associated equipment
  • Assess server security posture
  • Ensure security plan compliance
  • Ensure configuration changes do not adversely impact the server security
  • Perform NA-related audits & logging
  • Implement Vulnerability Mgmt System (VMS) and IAVA compliance
  • Monitor servers
  • Provide user administration & logistics support
  • Install, configure & monitor CND security-relevant network components
  • Ensure that C&A reqs are satisfied; manage reqs for class & unclass networks
  • Perform infrastructure monitoring and performance assessment & new req analysis and support For new equipment: order, inspect & inventory the equipment; determine outside support installation reqs; update equipment security information
  • Maintain the Integrated Configuration & Tracking System (ICATS) & other configuration databases, ensure security posture integrity during system outages, coordinate configuration changes with the DAA for changes in security posture or status, and maintain security documentation for HW & SW baselines & maintenance logs

 
Protect:

  • Provide support to serviced components & appropriate Government oversight entities by implementing DoD-wide Red Team: notifications, reports, assessments, coordination, information collection, performance measurement, reqs identification, & feedback
  • Monitor the implementation of IAVAs
  • De-conflict component & information specific IAVA guidance

  

Minimum Qualifications

  • Hold DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)
  • Ability to obtain Certified Ethical Hacker certification (or equivalent GCIA) within 90 days of start date.  Strongly preferred if candidate already has this certification.
  • Must hold TS-SCI clearance to start.  Must be able to successfully pass Yankee White clearance process to continue employment
  • Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
  • Willing to perform shift work which may include weekends or non-standard work hours.

Desired Qualifications

  • Preferred certifications:  CISSP, CCNA-Security (CCNA-S)
  • CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations.
  • In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk).
  • Experience and proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics.
  • Experience with malware analysis concepts and methods.
  • Understanding of Linux and basic Linux commands; understanding of mobile technology and OS (i.e. Android, iOS, Windows)
  • Scripting and programming experience (Powershell; Bash/PERL/Python scripting)
  • Motivated self-starter with strong written and verbal communication skills.
  • Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification.

Education

  • Preferred to have Bachelor’s in Engineering, Computer Science, IT management OR sufficient technical certifications and experience in lieu of a degree.

Security Clearance

  • Position requires an active, in-scope TS/SCI clearance and the ability to obtain final adjudication for Yankee White

 

To Apply: We invite you to put your talents to work by joining a growing team of dynamic professionals here at Trace Systems! Be part of a culture at our leading edge company where you can achieve great things while fostering a satisfying and rewarding career progression. Please apply directly through the website at: www.tracesystems.com.      #jointracesystems
 
 
For any additional questions or to submit any referrals, please contact rrobertson@tracesystems.com
 
 
Trace Systems is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
 

Connect With Us!

Not ready to apply? Connect with us for general consideration.