Cyber Threat Analyst


Falls Church, United States ABBTECH Professional Resources Full time

Cyber Threat Analyst - IV
Qty: 1
Desired Start Date: 6/22/2023
End Date: 9/30/2023
Clearance Level: Public Trust

The CISO Operations portfolio needs a Cyber Threat Analyst supporting its CSOC Support Team (CST) program. This resource will work directly with the Threat Management / Threat Hunt Team to identify and assess the capabilities and activities of cyber criminals and/or foreign intelligence entities, and to produce analysis that helps initiate and/or support law enforcement and counterintelligence activities and investigations.

Strong working knowledge of:
• Cyber Threat Intelligence Analysis and Reporting
• Cyber Defense Techniques
• Adversary Tactics, Techniques, and Procedures (TTPs)
• Boolean Logic
• TCP/IP Fundamentals
• Network Level Exploits
• Threat Management
• Excellent oral and written communication skills
• Excellent interpersonal and organizational skills
• Experience in Operations Centers, Incident Response, Threat Hunting, and Cyber Forensics is a plus

Tasks will include the following:
• Perform Threat Hunting within domains/networks utilizing Cyber Forensics resources.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause on-going and immediate impact to the environment.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information.
• Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
• Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
• Isolate and remove malware.
• Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents, and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
• Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Knowledge, Skills, and Abilities (KSAs)

Knowledge:
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
• Knowledge of database systems.
• Knowledge of incident response and handling methodologies.
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of network traffic analysis methods.
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Knowledge of operating systems.
• Knowledge of security system design tools, methods, and techniques.
• Knowledge of Virtual Private Network (VPN) security.
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of adversarial tactics, techniques, and procedures.
• Knowledge of network tools (e.g., ping, traceroute, nslookup).
• Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WMAN).
• Knowledge of file extensions (e.g., .dll, .bat, .zip, .tar, .gzip, etc.).
• Knowledge of interpreted and compiled computer languages.
• Knowledge of cyber defense and information security policies, procedures, and regulations.
• Knowledge of common attack vectors on the network layer.
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Knowledge of Personally Identifiable Information (PII) data security standards.
• Knowledge of Payment Card Industry (PCI) data security standards.
• Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
• Knowledge of operating system command-line tools.
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
• Knowledge of how to use network analysis tools to identify vulnerabilities.

Skills:
• Skill in using incident handling methodologies.
• Skill in collecting data from a variety of cyber defense resources.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in performing packet-level analysis.
• Skill in conducting trend analysis.

Abilities:
• Ability to analyze malware.
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Ability to interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).

EXPERIENCE LEVEL: 7 years' experience working in the areas of intelligence, information security, network forensics, and insider threat.

EDUCATION: BA/BS in computer science, international relations, information security, or a related field, or equivalent experience. Master's degree is preferred.

CERTIFICATIONS (one or more required): CISSP, CISA, CISM, GIAC, RHCE.

Additional Provisions:
• Must be able to obtain a Position of Public Trust Clearance.
• Must pass a client-mandated clearance process, including drug screening, criminal history check, and credit check.
• Once the candidate's resume is approved and the interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process.
• If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance.
• All candidates must be a US Citizen or have permanent residence status (Green Card).
• Candidate must have lived in the United States for the past 5 years.
• Cannot have more than 6 months of travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)
• All overtime must be pre-approved in writing by the client manager or his/her designated representative. Agency will not be reimbursed for overtime charges without previous written authorization. Authorized overtime will be reimbursed at straight time.
• The enforced dress code is business casual, i.e., collared shirt with slacks for men, no skirts above the knee for women.

ABBTECH is an EOE/Minorities/Women/Disabled Individuals/Veterans.



  • Falls Church, United States ManTech Full time

    Cyber Threat Hunt Analyst. Unlock the secrets of intelligence with MANTECH! Join a dynamic team at the forefront of national security, providing advanced solutions to government intelligence agencies. Since 1968, we've been solving the toughest challenges with groundbreaking tech. Explore thrilling projects in Digital Transformation, Cybersecurity, IT, Data...


  • Falls Church, United States Booz Allen Hamilton Full time

    Cyber Threat Operations Specialist As a cyber intelligence analyst, you know that detailed threat analysis gives organizations a critical edge. At Booz Allen, you can leverage your expertise in cyber intelligence to develop innovative solutions that will shape the future of cybersecurity. We're looking for an experienced professional like you to apply your...


  • Falls Church, United States ABBTECH Professional Resources Full time

    Cyber Threat Analyst III. Qty: 1. Desired Start Date: 11/20/2023. End Date: 9/30/2024. Hrs/Wk: 40.00. Clearance Level: Public Trust. The Cybersecurity Operations Portfolio is in need of 1 Cyber Threat Analyst supporting its Detection Automation and Engineering at Gatehouse Center. This resource will be working with the OPS: CI team. Job requirements: Identifies and...


  • Falls Church, United States GuidePoint Security Full time

    GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies,...




  • Falls Church, United States GuidePoint Security Full time

    Responsible for performing triage on all security escalations and detections to determine scope, severity, and root cause. - Monitor cyber security events, detecting incidents, and investigating incidents. - Identify, recommend strategies, develop, a Analyst, Security, Cyber Defense, Operations, Technology, Network


  • Falls Church, United States Central Business Solutions Full time

    CSOC Threat Detection Analyst Location: Falls Church, VA The candidate will support the mission of the Threat Intelligence Unit by analyzing and tracking adversaries, creating and sharing intelligence both internal and external to CISO, and creating and updating cyber threat profiles for leadership. Technical Skills: Mandatory: 5+ years of experience