Cyber Protection Team Analyst

Washington D.C., DC, USA

OneZero Solutions

OneZero Solutions is an 8(a), Service-Disabled Veteran-Owned Small Business (SDVOSB) that is problem-solving and solutions-oriented. OneZero specializes in cybersecurity operations, information assurance, computer network operations, solutions...

We are an employee-centric company that truly appreciates our team members and their value to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technically proficient and technically capable across a comprehensive range of cyber mission areas. OneZero full-time employees receive an extremely competitive benefits package that includes health/dental/vision/life insurance plans, 401K with company matching, PTO & paid holidays, employee referral program, and educational assistance. Additional details can be found on our website at: https://www.onezerollc.com/careers/

Position Title: Cyber Protection Team Analyst

Location: Washington DC Hybrid, Martin Luther King Jr. Avenue

Clearance: TS/SCI

The CPT Analyst Role will be chosen between one of the following roles: Master Host Analyst (Microsoft Windows), Master Host Analyst (Linux), and Master Network Analyst.

General Responsibilities

  • Monitor the operational environment and report on adversarial activities.
  • Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
  • Provide and maintain documentation for Tactics, Techniques, and Procedures (TTPs) as inputs to training programs.
  • Read, interpret, write, modify, and execute simple scripts to automate tasks and process data.
  • Plan and recommend modifications or adjustments based on exercise results or system environment.
  • Collaborate with intelligence analysts/targeting organizations involved in related areas.

Network Analyst Specific Responsibilities

  • Analyze network traffic for defensive cyber operations.
  • Demonstrate mastery understanding of network protocols, theory of their operation, header structure, and forensic value.
  • Demonstrate advanced understanding of analytical methods needed to identify anomalies in network traffic and the skills required to reverse engineer network protocols.
  • Evaluate security architecture and its design against cyberspace threats.
  • Perform security reviews and identify gaps in security architecture and develop a security risk management plan.
  • Detect exploits against targeted networks and hosts and react according to established documentation.
  • Recommend patching of network vulnerabilities, via Risk Mitigation Plans, to ensure information is safeguarded against outside parties.
  • Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.
  • Design countermeasures and mitigation against potential exploitations of programming language weaknesses and vulnerabilities in systems and elements.
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Identify applications and operating systems of a network device based on network traffic.

Host Analyst (Windows/Linux/Unix) Specific Responsibilities

  • Possess advanced knowledge of Enterprise Services (Windows, Linux/Unix) and their security configurations.
  • Demonstrate advanced knowledge of file systems, permissions, and operating system configurations for both Windows and Linux/Unix environments.
  • Capture memory of individual processes and analyze them using built-in tools and capabilities.
  • Navigate and search for file system structures and common processes for vulnerabilities, anomalies, backdoors, rootkits, remote-access tools, malware, etc.
  • Monitor, research, analyze, diagnose, and configure/manage virtualization within Windows and Linux/Unix environments to detect and respond to anomalies, vulnerabilities, and cyber incidents.
  • Demonstrate advanced knowledge of developing common automation tasks, custom modules, and functions to identify anomalies or suspicious machines, utilizing scripting languages relevant to each OS (e.g., PowerShell, Python, Bash).
  • Perform initial triage procedures on potentially malicious/compromised systems using best business practices.
  • Patch system vulnerabilities to ensure information is safeguarded against outside parties.
  • Conduct network and system-level reconnaissance and vulnerability analysis of other systems within a network.
  • Identify and conduct network mapping and operating system (OS) fingerprinting activities.
  • Conduct open-source data collection via various online tools.
  • Edit or execute scripts (e.g., PowerShell, Python, Bash/shell, PERL, PHP, VBScript) to perform tasks such as parsing large data files, automating manual tasks, and fetching/processing remote data.
  • Deploy cyber tools to a target system and utilize them once deployed (e.g., backdoors, sniffers).
  • Determine and document software patches or the extent of releases that would leave software vulnerable.
  • Identify applications and operating systems of a network device based on network traffic.
  • Confer with systems analysts, engineers, programmers, and others to design applications and to obtain information on project limitations and capabilities, performance requirements, and interfaces.
  • Evaluate system security architecture and its design against cyberspace threats as identified in operational and acquisition documents.
  • Perform security reviews and identify gaps in environment security architecture and develop a security risk management plan.
  • Assist in the construction of signatures which can be implemented on cyber defense tools in response to new or observed threats within a given network enclave.
  • Detect exploits against targeted networks and hosts and react accordingly.
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on systems and information.
  • Isolate, extract, analyze, remove, and document malware on systems.

  • Relevant Years of Experience: 5+ years of experience in any combination of cyber technology, cybersecurity, offensive cyber operations, penetration testing, coding/scripting, vulnerability assessments, network/system administration, or related fields.
  • Education: BA/BS or equivalent years of relevant experience
  • Certifications: IAT III & CSSP, Offensive Security Certified Practitioner (OSCP)
  • Active Top Secret with SCI eligibility
  • Cyber Threat/Protection Analysis experience, including experience conducting or supporting Cyber Mission Forces exercises.
  • Expert understanding of cyber threats, information security, monitoring and detection

    OneZero Solutions, LLC is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

    If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access www.onezerollc.com/careers as a result of your disability.

    To request an accommodation, please contact us at recruiting@onezerollc.com or call (202) 987-2580.
