Cyber Defense Analyst - Senior

ECS is seeking a Cyber Defense Analyst - Senior to work in our Washington, DC office.  Please Note: This position is contingent upon additional funding.

ECS Federal is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a Senior Cyber Defense Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Job Requirements:

• Strong written and verbal communication skills with excellent attention to detail
• Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
• Ability to conduct independent analysis with minimal assistance on events generated by SIEM and individual security tools.
• Ability to create custom detection rules to query log data for indicators of compromise.
• Experience conducting security event analysis from beginning to end and determining root cause.
• Experience creating and reviewing standard operating procedures with minimal supervision and oversight.
• Ability to mentor junior personnel and provide guidance on analysis that may exceed the capabilities of junior analysts.
• Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• Knowledge of incident response and handling methodologies.
• Knowledge of incident categories, incident responses, and timelines for responses.
• Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
• Experience with system administration, network, and operating system hardening techniques.
• Knowledge of cyber defense and information security policies, procedures, and regulations.
• Knowledge of the common attack vectors on the network layer.
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• In-depth understanding of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
• Knowledge of various types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
• Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
• Knowledge of front-end collection systems, including traffic collection, filtering, and selection
• Develop content for cyber defense tools.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Identify and analyze anomalies in network traffic using metadata.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.

*6+ years of relevant work experience required*

Salary Range: $107,000 - $120,000

General Description of Benefits

• Bachelors degree or higher
• 6+ years’ experience in Network/data analysis, packet capture analysis, malware detection, custom intrusion signature development, advanced information assurance
• Certifications addressing incident handling (identification, overview, and preparation) buffer overflow, client attacks, covering tacks (networks, systems), denial of service attaches, incident handing (containment, eradication, recovery, and lessons learned), network attacks, password attacks, reconnaissance, scanning (discovery and mapping, techniques and defense), session hijacking and cache poisoning, techniques for maintaining access, web applications attacks, worms, bots, and bot-nets
• Active TS/SCI clearance