Cyber Defense Analyst

Description

Powder River Industries, LLC provides technical services across the entire system development life cycle (SDLC). As a prime we are responsible for complete end-to-end system management for a customer’s top secret enterprise mission systems. This includes data center, logistics support, configuration management, COOP, and disaster recovery. As a subcontractor we are providing services in DevSecOps, software development, network administration, systems analysis, database administration, storage engineering, hardware engineering, Tier 1 – Tier 3 support in traditional data center environments (bare metal frames), high performance computing (HPC) centers, cloud, and hybrid cloud. The cloud environments we are operating in today are AWS, Microsoft Azure, and Oracle.  

Requirements

• Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.  
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources; develop content for cyber defense tools  
• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment  
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack; perform cyber defense trend analysis and reporting  
• Provide daily summary reports of network events and activity relevant to cyber defense practices  
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts  
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities  
• Use cyber defense tools for continual monitoring and analysis of system activity to identify potential malicious activity  
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information  
• Identify applications and operating systems of a network device based on network traffic  
• Reconstruct a malicious attack or an activity utilizing network traffic 

Non Negotiable Requirements:  

1. Q or Top Secret with investigation current within the last 5 years  

2. On-site, no remote  

3. Travel Required. One week, once per quarter. 

Technical Environment: Microsoft, Linux, Splunk, Ansible, Tenable, GEMS 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.