Cyber Network Security Analyst (CISA)
SteamPunk

Arlington, Virginia


This job has expired.

Overview

Steampunk is seeking an experienced Cyber Network Security Analyst to support our Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) clients. CISA leads the national effort to understand, manage, and reduce risk to critical infrastructure. CISA is charged with leading the Nation's strategic and unified work to assure the security and resilience of the nation's cyber systems, protecting the American way of life.

Contributions

You will be a critical teammate on CISA Threat Hunting's Network Analysis team, performing technical analysis on a wide range of cybersecurity issues with a focus on network activity and data. This includes, but is not limited to: network flow (i.e. netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, and proxy and application server logs (various types). You will triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats and vulnerabilities, diagnose observed activity for the likelihood of system infection, compromise, or unintended/high-risk exposure, and prepare analysis reports detailing background, observables, analysis process and criteria, and conclusions.

The ideal candidate will have experience:

  • Working in a high operational tempo, highly collaborative, mission focused and classified environment.
  • Participating in briefings to provide expert guidance on observed activity, and acting as an escalation point for analysts.
  • Authoring reports and/or interfacing with customers and CISA/CSD leadership for ad-hoc requests.

Key contributions of this role include:
  • Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity.
  • Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics.
  • Document key event details and analytic findings in analysis reports and incident management systems.
  • Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletins.
  • Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systems.
  • Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data types.
  • Develop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performance.
  • Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysis.
  • Provide technical assessments of cyber threats and vulnerabilities.
  • Communicate and collaborate with analysts from other SOC organizations to investigate cyber events.
  • Produce final reports and review incident reports from junior analysts.
  • Monitor and report on trends and activity on network sensor platforms.
  • Produce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.).

Qualifications
  • Bachelor's Degree and a minimum of 5 years of related technical experience required. An additional 4 years of experience may be substituted in lieu of a degree.
  • Active Top Secret Security Clearance with SCI eligibility is required. In addition, the selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employment.
  • Working knowledge of security concepts, protocols, processes, architectures and tools (vulnerabilities, threats and exploitation, authentication and access control technologies, threat intelligence data and sources, WHOIS and DNS referential data and sources, intrusion detection/prevention capabilities, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc.).
  • Working knowledge of networking concepts, protocols and architectures (OSI model, TCP/IP, major application protocols such as DNS/HTTP/SMTP, LANs/WANs, VPNs, routers/routing, addressing, etc.).
  • Detailed knowledge of intrusion detection engines, capabilities and signature formats in general, with a specific focus on Snort/Sourcefire variations and regular expressions (REGEX).
  • Ability to produce results in a fast-paced environment with the ability to meet iterative deadlines.

"Nice to Have" Experience and Skill Sets:
  • Knowledge of cyber policy and issues, the global cyber community, the roles of major organizations and how they interrelate and interact, and the challenges in these structures.
  • Awareness of the common cyber products and services, an understanding of their limitations, and a comprehensive understanding of the disciplines of cybersecurity.
About Steampunk

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee-owned company, we focus on investing in our employees to enable them to do the greatest work of their careers, and on rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.
