Tetrad Digital Integrity LLC

  • Computer Network Defender

    Job Locations US-DC
    Posted Date 7 days ago(1/9/2019 3:30 PM)
    ID
    2018-1170
    # of Openings
    1
  • Overview

    The Computer Network Defender will monitor, track, and communicate reported events for numerous different security platforms, operating systems, databases, and management systems. They will investigate and identify the root cause behind security incidents throughout all stages of the cyber kill chain, develop/communicate a timeline for resolution, and identify multiple scenarios based on the investigation. The Computer Network Defender will also perform regular continuous monitoring of events across platforms, operating systems, databases, and management systems. 

    Responsibilities

    • Analyze raw data sources to extract, institutionalize, and document actionable events
    • Document the flow of data and identify multiple distinct data sources where suspicious behavior can be identified – must also be able to identify supplemental sources where similar data may be found
    • Communicate and collaborate with colleagues to investigate incidents
    • Investigate incidents both from a network and host/application level
    • Improve and implement indicators and protections across platforms, operating systems, databases, and management systems.
    • Generate reports on a scheduled basis to document findings and remediation efforts, to include recommendations to the system owners.
    • Design and implement dashboards and reports; create rapid prototypes
    • Work with the system owners to remediate security issues derived through external and internal assessments.
    • Develop processes to proactively address security risks and develop reporting dashboards in the organization’s security systems to continuously track progress.
    • Work in an Integrated Operations Center with other business units to assist in incidents on behalf of Cybersecurity
    • Reports detailing event results and remediation efforts.
    • Maintain a list of tracked protective measures for applicable systems – both active and removed.
    • Remediation recommendations to systems not controlled by INFOSEC.
    • Document Standard Operating Procedures when performing required duties.
    • Other documentation as needed or requested.

    Qualifications

    • Demonstrated program level experience supporting network defense and strategies;
    • Concepts of TCP/IP, network fundamental, network security, NetFlow and knowledge of tools such as Wireshark and Snort IDS, 
    • Knowledge of Bro and Security Onion.
    • 2-3 years using Splunk to conduct network forensic analysis and network security monitoring.
    • Knowledge of Fireeye’s product suite such as EMP and HX.
    • A solid understanding of the current threats and tactics being used to attack systems, such as ransomware and phishing analysis.
    • Ability to develop, document, and maintain use cases through Splunk or other SEIM technologies 
    • Working knowledge of the Windows Operating System with the ability to identify common and unexpected processes, network events, etc.
    • Ability to generate a record of an investigation within an incident ticketing/tracking system
    • Ability to safely handle a potentially malicious file and perform basic analysis
    • Proficiency in writing Regular Expressions to extract data in Splunk via search-time and index-time extraction
    • Ability to work in a high-pressure environment with changing priorities.
    • Experience supporting the full lifecycle of indicators of compromise and signature process, to include development of security documentation;
    • Ability to communicate effectively, both orally and in writing, with information technology professionals, and technical and non-technical users;
    • Bachelor’s degree in related field (i.e., Computer Science, Information Systems Management) and minimum of five (5) years of relevant IT security related work experience 
    • In lieu of a Bachelor’s degree, proposed staff should have at least eight (8) years of IT security experience.
    • Certified Information Systems Security Professional (CISSP) and/or Cisco Certified Network Administrator (CCNA) and/or Checkpoint Certified Security Administrator (CCSA) and/or Checkpoint Certified Security Expert (CCSE) certification(s) is a plus.
    • Required: Ability to pass a detailed criminal background check.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed