Description
Looking for an opportunity to make an impact?
Leidos seeks a qualified and trained Computer Network Defense/Incident Response Analyst to support the Marine Corps Cyberspace Warfare Group (MCCYWG). Subordinate to U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER), the MCCYWG mission is to enhance the Marines' capabilities in cyberspace, including offensive and defensive operations, intelligence gathering, and ensuring the security of Marine Corps networks, underpinning MARFORCYBER's vision of being the nation's force of choice to defend cyber equities, enable freedom of action, and provide effects in the cyberspace domain. The Computer Network Defense (CND) analyst will analyze actions taken by malicious actors to determine the initial infection vector, establish a timeline of activity, and identify any data loss associated with incidents, and will perform CND incident triage, to include determining urgency and potential impact, identifying the specific vulnerability, and making written recommendations that enable expeditious remediation.
Primary Responsibilities
- Monitor the architecture, administration, and operation of comprehensive monitoring solutions for enterprise networks, hosts, and users for the detection, monitoring, and removal of threats as directed by the appropriate authority
- Integrate and manage SIEM and SOAR platforms, such as Elastic, Splunk, Sentinel, and other open-source or government provided solutions
- Create and maintain comprehensive incident response playbooks to streamline response activities, ensuring consistent and efficient responses
- Correlate data from multiple sources, including host, network, user, and intelligence reports, to uncover threats
- Collect, aggregate, and interpret log data from various sources
- Configure, manage, and optimize Network Intrusion Detection Systems and Host-based Intrusion Detection Systems, to include fine-tuning security rule sets for tools such as Suricata, Snort, YARA, and Sigma
- Conduct deep packet inspection and identification of malicious traffic using packet analysis tools such as Wireshark or NetworkMiner
- Configure hardware and design deployable network kits that include switches, routers, taps, hypervisors, and network storage devices to ensure seamless integration and optimal performance
- Analyze the current state of organizational cyber security policies, certification and accreditation packages, programs, and procedures, and provide expert recommendations for improvement based on industry best practice
- Implement and maintain firewalls, VPNs, and security controls to secure the network perimeter
- Perform static and dynamic malware analysis to determine the function of unknown binaries and identify unique characteristics, leading to the development of indicators of compromise
- Utilize advanced network and host forensic techniques, such as dead disk forensics, memory forensics, and registry forensics, using tools such as KAPE, Autopsy, Volatility, FTK, and EnCase
- Conduct threat hunting to identify advanced persistent threats and zero-day vulnerabilities using various threat hunting methodologies
- Perform Cyber Threat Emulation to assess security tools, test mitigations, evaluate controls, and evaluate local defender procedures in a controlled environment
- Train and develop Cyber Protection Team (CPT) personnel on foundational areas such as network and host analysis, JQR, mission qualification, and KSAs related to their assigned work role
- Apply Defensive Cyber Operations (DCO) and Offensive Cyber Operations (OCO) concepts and applications to mission analysis, utilize them to develop concepts of employment for the CPT, and assist in pre-mission planning activities
- Provide input into DCO mission products such as pre-mission planning briefs, situation reports, post-mission documentation, after action reports, and lessons learned at the conclusion of events such as operations, exercises, and training
- Utilize various threat intelligence sources to improve security posture and provide input into pre-mission product development
- Provide Python programming, PowerShell programming, and script development
- Coordinate with and provide expert technical support to enterprise-wide CND technicians to document CND incidents, correlate incident data to identify specific vulnerabilities, and make recommendations enabling remediation
- Monitor external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, Storage Area Networks (SANs), Security Focus), update the CND threat condition, and determine which security issues may have an impact on the enterprise
- Analyze log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security, and perform command and control functions in response to incidents
- Mentor mid-level and junior staff
Basic Qualifications
- Current Top Secret security clearance and eligible for SCI access, w/Counterintelligence (CI) Polygraph or eligible for polygraph. No polygraph is required at the following remote locations: Tampa, FL; Quantico, VA; Fort Liberty, NC; and Scott AFB, IL.
- BS in Computer Science or related field and 5-8 yrs. experience providing CND & Incident Response support to the DoD or Intelligence Community
- DoD IAT Level III or CSSP Incident Responder certification, with documented additional education, specialization, or certification in one of the technologies or tools listed below
- 5 years of experience in 8 or more of the 13 areas below:
-- System Architecture
--- Network Engineering
--- Systems Engineering
--- Virtual Environments
-- Scripting
--- PowerShell
--- Python
--- RegEx
-- Forensics
--- Dead disk and memory interrogations
--- Malware analysis/reverse engineering
- Possess extensive knowledge of the following:
-- Very Small Aperture Terminal (VSAT) satellite communications systems
-- Digital forensics exploitation methods for Windows, macOS, Linux, mobile devices, and Internet of Things (IoT) software and firmware
-- Wireless network detection, assessment, and collection
-- Zero Trust Architecture
-- USMC C2 systems such as CAC2S, AFATDS, and CLC2S
- Demonstrate proficiency with the following government-provided technology:
-- Acunetix
-- Adobe
-- Armitage / Cobalt Strike
-- FireEye
-- Fluke Networks AirMagnet
-- F-Response
-- Guidance Software EnCase
-- Hex-Rays IDA Pro
-- IBM-provided hardware and software
-- McAfee Advanced Threat Defense
-- NetworkMiner Professional
-- Palo Alto
-- Burp Suite Professional
-- Rapid7 Metasploit
-- RedSeal
-- VMware
-- DomainTools
-- VirusTotal
-- Microsoft products
- Ability to provide timely, accurate, and relevant analytic documents, summaries, issue papers, talking points, and briefings
- Demonstrated proficiency working in a fast-paced, collaborative environment, with the ability to proactively multi-task and meet short deadlines
- Strong interpersonal, critical thinking, and communication skills, including the ability to clearly convey complex and technical data to nontechnical consumers
Preferred Qualifications
- Master's degree in Computer Science or related field and 8-12 yrs. experience providing CND & Incident Response support to the DoD and IC
- Additional Preferred Experience:
-- ICS/SCADA Systems
-- Cloud Environments
-- Database Administration
-- Hunt Methodologies
-- SIEM Operations (Splunk/Security Onion)
- Prior experience supporting MARFORCYBER in any capacity
- Prior experience with USMC support to Joint operations across multiple warfighting domains
Original Posting Date: 2024-02-19
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: $122,200.00 - $220,900.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Original Posting Date: 02/16/2024
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.