Data Exploiter (TS/SCI with Poly Required)

Chantilly, Virginia, United States

GCI

Founded in 1989, GCI is a premier Engineering and Analytics firm with a steadfast commitment to national security and intelligence. Specializing in Data Analytics, Software Development, Engineering,


GCI embodies excellence, integrity, and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leveraging the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry.

At GCI, we solve the hard problems. As a Data Exploiter, a typical day will include the following duties:

A qualified Data Exploiter with a focus as an End Point Analyst will provide network operations and cyber defense support. The candidate is responsible for supporting operational and analytical requirements. Activities include detailed log analysis, network traffic monitoring, and vulnerability risk assessment. The individual will be expected to conduct assessments of tools and systems to identify vulnerabilities, and to work with internal and external technical stakeholders to identify solutions. The individual will support the detection, monitoring, correlation, remediation, and review of cyber threat activity. The individual must understand the details of advanced persistent threats that impact a network, with in-depth knowledge and the ability to analyze, track, correlate, trend, and report on the TTPs utilized and the countermeasures needed to secure, operate, and defend it.

Able to follow the entire targeting life cycle, engaging in requirements collection, data exploitation and analysis, summary and documentation, and dissemination of actionable information. Able to identify, triage, and exploit data collections.

 

KEY RESPONSIBILITIES

Provide End Point Analyst support.
Assist with attribution efforts related to cyber activity.
Analyze malicious network activity to determine the weaknesses exploited and the exploitation methods used against systems and information.
Assess network topology and device configurations to identify critical security concerns and provide recommendations.
Review, correlate, and report on high-priority endpoint-related threats and vulnerabilities to identify similar events, malicious tradecraft, TTPs of malicious activity, and indicators utilized to impact or target specific networks.
Use a variety of tools and methods to extract information of foreign intelligence, counterintelligence, and targeting value from digital data.
Create a range of products that inform operations, drive targeting and collection, contribute to intelligence products, and support multiple customer needs.
Work with a team to analyze existing software applications and tools, and recommend new technologies and methodologies to improve team performance.
Write and update technical documentation such as user manuals, system documentation, training materials, processes, and procedures.
Collaborate cross-functionally with data scientists, engineers, developers, targeters, and analysts.
Provide recommendations for continuous improvement.
Work alongside other team members to sustain and advance our organization's capabilities.

 

EDUCATION AND EXPERIENCE

Bachelor's degree in Computer Science, Information Technology, or another related discipline, or an equivalent combination of education, technical certifications, training, and work/military experience.
15 years of applicable experience with networks.

 

REQUIRED QUALIFICATIONS

Experience conducting network traffic analysis.
Ability to prepare a range of tailored products that embody and explain findings.
Ability to sift through large amounts of unstructured data for key data points (i.e., metadata and artifacts).
Demonstrated knowledge of incident response, containment, and mitigation.
Knowledge of common cyber-attack methods.
Previous experience working with endpoint detection and response tools (ESS, Cisco AMP, Cortex XDR, FortiEDR, Sophos, Carbon Black EDR).
Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, and a basic understanding of malware (malware communication, installation, or malware types).
Expert knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open-source information collection).
Expert knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion prevention systems, Domain Name System (DNS), or network traffic analysis.
Demonstrated experience conducting detailed log analysis and system monitoring to understand system status, detect system breaches, and identify other system anomalies.
Demonstrated experience performing vulnerability identification, risk analysis, and remediation.
Ability to triage, review, identify, and correlate items of interest from numerous all-source datasets.
Ability to evaluate worldwide security events to assess system impact and/or risk (e.g., zero-day exploits, hardware failures, and/or cyber-attacks).
Ability to identify and document information that can fill critical gaps.
Ability to create new methodologies and algorithms for data analysis and correlation.
Ability to create entity and object profiles and derived data sets that enable future opportunities and analytical efforts.
Experience with technical collection capabilities.

 

DESIRED QUALIFICATIONS

Experience with scripting to triage large data sets.
Strong understanding of VPNs, VLANs, and TCP/IP.
Experience with OS hardening using tools such as CIS-CAT.
Ability to work independently with minimal supervision.
Experience navigating an enterprise security accreditation process.
Demonstrated experience with and understanding of network monitoring tools (e.g., Splunk, WSUS, Snare, Wireshark, and SolarWinds).
Technical targeting experience.
Russian language skills or demonstrated knowledge of the EE AOR.

Perks/benefits: Team events

Region: North America
Country: United States
