Engineer Systems III, SEY3/ CND / Incident Response Analyst
Fort Meade, MD, United States
Applications have closed
Peraton
Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly...Responsibilities
Are you looking for an Engineer Systems III, SEY3/ CND / Incident Response Analyst role?
This is what you'll get to do:
- Architecture, administration, and operation of comprehensive monitoring solutions for enterprise network, hosts and user for the detection, monitoring, and removal of threats as directed by the appropriate authority.
- Integration and management of SIEM and SOAR platforms, such as Elastic, Splunk, Sentinel, and other open-source or government provided solutions.
- Creation and maintenance of comprehensive incident response playbooks to streamline response activities, ensuring consistent and efficient responses.
- Correlation of data from multiple sources, including host, network, user, and intelligence reports, to uncover threats.
- Collection, aggregation, and interpretation of log data from various sources.
- Configuration, management, and optimization of Network Intrusion Detection Systems and Host-based Intrusion Detection Systems, to include fine-tuning security rule sets for tools such as Suricata, Snort, Yara, and Sigma.
- Deep packet inspection and identification of malicious traffic using packet analysis tools, such as Wireshark or Network Miner.
- Hardware configuration and design of deployable network kits that includes switches, routers, taps, hypervisors, and network storage devices to ensure seamless integration and optimal performance.
- Analysis of the current state of organizational cyber security policies, certification and accreditation packages, programs, procedures, and provide expert recommendations for improvement based on industry best practice.
- Implementation and maintenance of firewalls, VPNs, and security controls to secure a networks perimeter.
- Both static and dynamic malware analysis to determine the function of unknown binaries and identify unique characteristics, leading to the development of indicators of compromise.
- Advanced network and host forensic techniques, such as dead disk forensics, memory forensics, and registry forensics, using tools such as Kape, Autopsy, Volatility, FTK, and Encase.
- Threat hunting to identify advanced persistent threats and zero-day vulnerabilities using various threat hunting methodologies.
- Perform Cyber Threat Emulation to assess security tools to, test mitigations, evaluate controls, and evaluate local defender procedures in a controlled environment.
- Training and development of CPT personnel on foundational areas such as network and host analysis, JQR, Mission qualification, and KSA’s related to their assigned work role.
- Applying DCO and Offensive Cyber Operations (OCO) concepts and applications to mission analysis and utilizing them to develop concepts of employment for the CPT and assist in pre-mission planning activities.
- Provide input into DCO mission products such as pre-mission planning briefs, situation reports, post mission documentation, after action reports and lessons learned at the conclusion of events such as operations, exercises, and training.
- Utilization of various threat intelligence sources to improve security posture and provide input into pre-mission product development.
Qualifications
Basic Qualifications:
- Active/Current Top-Secret/SCI with polygraph
- Minimum of Bachelor's Degree from an accredited college or university
- Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents
- In-depth knowledge of each phase of the Incident Response life cycle
- 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD of related experience.
Preferred/Desired Qualifications:
- IAT level III or CSSP Incident Responder certification with documented additional education, specialization, or certification in one of the technologies or tools listed below. (JELC)
- 5 years of experience in 8 or more of the 13 below:
- System Architecture
- Network Engineering
- Systems Engineering
- Virtual Environments
- Scripting
- Powershell
- Python
- RegEx
- Forensics
- Dead disk and memory interrogations
- Malware analysis/reverse engineering
- Additional Preferred Experience
- SCADA Systems
- Cloud Environments
- Database Administration
- Hunt Methodologies
- SEIM Operations (Splunk/Security Onion)
- System Architecture
Peraton Overview
Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our employees do the can’t be done, solving the most daunting challenges facing our customers.
Target Salary Range
$112,000 - $179,000. This represents the typical salary range for this position based on experience and other factors.Tags: Autopsy Cloud CND DCO EnCase Firewalls Forensics Incident response Intrusion detection Malware Monitoring OCO PhD Polygraph PowerShell Python Reverse engineering SCADA Scripting Sentinel SIEM Snort SOAR Splunk Threat intelligence TTPs VPN Vulnerabilities Zero-day
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.