• Cyber Hunt & Incident Response Analyst – TO 31

    Job Locations: US-VA-Arlington
    Job ID: 2018-1395
    Clearance Level: Top Secret/SCI
    Overview

    • Perform analysis on hosts running on a variety of platforms and operating systems, to include,
      but not limited to, Microsoft Windows, Mac Operating System (OS), UNIX, Linux, as well as
      embedded systems and mainframes.
    • Monitor open source channels (e.g., vendor sites, Computer Emergency Response Teams (CERTs),
      the SANS (SysAdmin, Audit, Network, Security) Institute, and Security Focus) to maintain a
      current understanding of the Computer Network Defense (CND) threat condition and determine
      which security issues may have an impact on the enterprise.

    Responsibilities

    • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic
      logs, firewall logs, and intrusion detection system logs) to identify possible threats to network
      security.
    • Leverage tools including Tanium, the FireEye suite, GRR, Volatility, SIFT Workstation, MISP,
      and/or Bro when performing cyber incident response analysis.
    • Track and document CND hunts and incidents from initial detection through final resolution.
    • Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use the discovered
      data to enable mitigation of potential CND incidents within the enterprise.
    • Perform forensically sound collection of images and inspect them to determine possible
      mitigation/remediation actions on enterprise systems.
    • Perform real‐time CND hunt and incident handling (e.g. forensic collections, intrusion
      correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable
      Hunt and Incident Response Teams (IRTs).
    • Write and publish CND guidance and reports (e.g. engagement reports) on incident findings to
      appropriate constituencies.
    • Receive and analyze network alerts from various sources within the enterprise and determine
      possible causes of such alerts.
    • Utilize data analytics tools including Splunk to make sense of machine data when performing
      these responsibilities.
    • Correlate incident data to identify specific vulnerabilities and make recommendations that
      enable expeditious remediation.

    May be required to travel up to 25% of the time.

    Qualifications

    Required Education:

    • Bachelor’s degree in a technical discipline with a minimum of 3 years related technical
      experience. 

    Required Experience:

    Required Clearance:

    • Active Top Secret Security Clearance with the ability to obtain a TS/SCI is required. In addition,
      the selected candidate must be able to obtain and maintain a favorably adjudicated DHS
      background investigation (Entry on Duty, EOD) for continued employment.

    Desired Qualifications:

    • Familiarity with network analytics, including NetFlow/PCAP analysis.
    • Understanding of cyber forensics concepts, including malware analysis and threat hunting.
    • Understanding of how both Windows and Linux systems are compromised.

    About Aveshka:

    Aveshka is a professional services firm focused on addressing our nation’s most complex threats and challenges. As a small business we’re committed to supporting our clients’ missions with services delivered by our diverse and experienced staff. With expertise in cybersecurity, emergency preparedness, and public health, our experience base spans federal, state, and local governments, as well as private sector entities.

    Aveshka encourages collaborative communication and ongoing learning. Some of our benefits include:

    • Extensive training programs
    • Gym membership reimbursement
    • Education reimbursement
    • Technology benefits
    • Commuter benefits
    • Generous paid time off and much more!

    Aveshka is an Equal Opportunity Employer (EOE)