Req ID: RQ160815
Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph
Job Family: Cyber Security
Skills:
Cybersecurity Analytics,Data Analytics,Data Mining Analysis
Certifications:
Certified Information Systems Security Professional (CISSP) - (ISC)2
Experience:
8 + years of related experience
US Citizenship Required:
Yes
Job Description:
Reporting to the Lead of Focused Operations, under the Branch Chief of Defensive Cyber Operations, you will be tasked with developing and maintaining defensive countermeasures for the enterprise. Working within a Fusion model will collaborate with other teams within Focused Operations with the distinct task of proactively preventing a successful compromise and eradicating persistent adversaries already in the enterprise. This will be done through various means such as: reviewing future and past intelligence reports, reviewing incident reports, through regular Purple Teaming exercises, and continuously validating Defensive Countermeasures already deployed.
More about your role:
Analyzes trends and patterns of data on confidential networks to identify and predict previously undiscovered events and incidents and develop or tune rules/signatures/scripts as needed.
Coordinates with Defensive Cyber Operations and Focused Operations to develop or tune rules/signatures/scripts.
Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on enterprise systems and develop or tune rules/signatures/scripts as needed.
Correlates and analyzes precursors to incidents and develop or tune rules/signatures/scripts as needed.
Will collaborate with the Cyber Data Analytics team to achieve SIEM alert efficiency though evaluation of valid alerts and false positives and develop or tune rules/signatures/scripts as needed.
Work with the Cyber Incident Response Team by assessing ongoing incident activity to predict adversary responses and locations of compromise to assist with triage.
Documents all work in the authorized ticketing system with a sufficient level of detail to ensure all stakeholders can systematically reconstruct the analysis.
Provide input to reoccurring meetings and briefings as required.
Required Qualifications:
Must be a US Citizen with an Active TS/SCI.
8+ years of related advanced cyber security analytics work experience.
Must have a certification that is compliant with DoD 8140.01 and DoD 8570.01-M IAT Level III and CSSP Analyst.
Experience with data mining or building queries in a SIEM.
Strong understanding of signature development and tuning.
Strong understanding of network protocols and analysis with protocol analyzers.
Knowledge of static file signatures, i.e., "magic numbers" and how it applies to developing countermeasures for files in transit and that reside locally on a host.
Good working knowledge of regular expressions.
The likely salary range for this position is $96,754 - $130,902. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
We connect people with the most impactful client missions, creating an unparalleled work experience that allows them to see their impact every day. We create opportunities for our people to lead and learn simultaneously. From securing our nation's most sensitive systems, to enabling digital transformation and cloud adoption, our people are the ones who make change real.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
S:SKINTIAGP2