Tier III Cyber Security SME/ Threat Hunter
Clearance Level Must Currently Possess:No Active Clearance Required
Clearance Level Must Be Able to Obtain:No Active Clearance Required
Job Family:Information Technology
CSRA is seeking a Tier III Cyber Security SME/ Threat Hunter for our GAO client in downtown, Washington, DC.
Help support the Government Accountability Office in its mission to save all US taxpayers money. Our customer is passionate about their mission and we are tasked with keeping their IT services running smoothly, to help them achieve their goals. The auditors in this 4000 user community are subject area experts in all facets of government and industry best practices. We take great pride in supporting their wide scope of technology needs.
Possess in-depth knowledge of network endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure: acts as an incident “hunter.” Not waiting for escalated incidents; closely involved in developing, tuning and implementing threat detection analytics.
Forensic Investigations (Host and Network):
Conducts and/or supervises computer forensic examinations to include the collection, preservation, processing, and analysis of digital evidence. Substantiates or disproves investigative allegations through adherence to the highest level of industry standards associated with the forensic examination of digital media.
Malicious/Anomalous Activity Discovery:
The successful candidate will be responsible for hunting for malicious or anomalous activity across the enterprise, using existing tools. Acts in coordination with current SOC staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and Insider Threat activities within the organization. Maintains the ability to rapidly perform a variety of technical tasks including network traffic analysis, system forensics, malware analysis, and signature generation before moving on to the next area of focus within the enterprise. Provide tailored remediation and counter-measure recommendations to network defenders.
Cyber Incident Response:
Responsible for leading rapidly evolving incident response engagements as a key technical expert and member of the Computer Security Incident Response Team (CSIRT), assisting and responding to incidents in coordination with the security operations center. Acts as subject matter expert on forensic artifacts (network and host-based) as they pertain to system compromises and malware infections. Provides written summaries and analysis of incidents for management review.
Cyber Threat Intelligence Analysis / Staff Awareness:
Works to identify potential and actual cyber threats to GAO systems and networks.
- Highly motivated, interested in the fields of cyber defense and cyber research
- Inquisitive, and able to research new highly technical subjects
- Strong experience with SPLUNK or similar tools
- Prior incident response experience
- Experience with forensic tools including EnCase, FTK, NetWitness, WireShark, or similar
- Familiar with sound forensic principles, techniques, and processes.
- Malware analysis skills, with a general understanding of reverse engineering techniques.
- Advanced understanding of Windows internals and Windows networks.
- Understanding of enterprise networks, security infrastructure, and common network protocols
- Substantial experience with and knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels
- Experience in host and network-based signature development
- Experience with one or more programming languages, preferably at least one high level and one low level language. Examples include Perl, Python, Ruby, Java, C, and x86 ASM
- Penetration testing experience
- SQL Injection
- Desired industry certifications include SAN SEC503, SAN504, SAN561, CEH, and CISSP
- A minimum of 3 years of experience conducting computer forensic examinations, malware analysis and incident response
- Ability to conduct research and development (R&D) of computer forensic and intrusion analysis methods and procedures, malware analysis activities, and complete case reports
- Excellent written and oral communication skills as well as customer service skills are required.
- U.S. citizens/Green card ONLY due to government or federal contract requirement.
DESIRED QUALIFICATIONS: BS or equivalent + 5 yrs related experience, or MS + 3 yrs related experience
# of Openings:1
Scheduled Weekly Hours:40
T elecommuting Options:Telecommuting Not Allowed
Work Location:USA DC Washington - 441 G St NW (DCC003)
Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.