Cyber Network Security Analyst

Company: Catapult Consultants
Location: Arlington
Posted on: February 22, 2021

Job Description:

Catapult Consultants is now hiring a Principal Cyber Network Security Analyst to support one of our customers.Key Responsibilities: * Perform technical analysis on a wide range of cybersecurity issues, with a focus on network activity and data; this includes, but is not limited to: network flow (i.e. netflow) or related forms of session summary data, signature-based IDS alert/event data, full packet capture (PCAP) data, proxy and application server logs (various types)* Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, diagnose observed activity for likelihood of system infection, compromise or unintended/high-risk exposure. Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions* Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity* Leverage lightweight programming/scripting skills to automate data-parsing and simple analytics* Document key event details and analytic findings in analysis reports and incident management systems* Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting and published technical advisories/bulletins* Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in monitoring systems* Recommend detection and prevention/mitigation signatures and actions as part of a layered defensive strategy leveraging multiple capabilities and data types* Develop IDS signatures, test and tune signature syntax, deploy signatures to operational sensors, and monitor and tune signature and sensor performance* Fuse open-source threat & vulnerability information with data collected from sensors across the enterprise into cohesive and comprehensive analysis* Provide technical assessments of cyber threats and vulnerabilities* Communicate and collaborate with analysts from other SOC organizations to investigate cyber events* Produce final reports and review incident reports from junior analysts* Monitor and report on trends and activity on network sensor platforms* Produce and update technical analysis documentation (processes, procedures, analysis criteria, report templates, etc.)Basic Qualifications: To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:* Working knowledge of security concepts, protocols, processes, architectures and tools (vulnerabilities, threats and exploitation, authentication & access control technologies, threat intelligence data and sources, WHOIS and DNS referential data and sources, intrusion detection/prevention capabilities, network traffic analysis, SIM technology, incident handling, media/malware analysis, etc)* Working knowledge of networking concepts, protocols and architectures (OSI-model, TCP/IP, major application protocols such as DNS/HTTP/SMTP, LAN/WANs, VPNs, routers/routing, addressing, etc)* Detailed knowledge of intrusion detection engines, capabilities and signature formats in general, with a specific focus on Snort/Sourcefire variations and regular expressions (REGEX)* Knowledge of cyber policy & issues, the global cyber community, roles of major organizations how they interrelate and interact, and challenges in these structures* Awareness of the common cyber products and services, an understanding of their limitations, and a comprehensive understanding of the disciplines of cybersecurity* Ability to produce results in a fast-paced environment with the ability to meet iterative deadlinesPreferred Skills: Candidates with these preferred skills will be given preferential consideration:* Experience working within the Federal government technology community a plus* DODD 8570 Level II certification (SANS certifications, CISSP)* Experience leading and managing within SOC/NOC operations* Familiarity with Kill Chain for incident response* Familiarity with incident response products and best practices* Experience with database (e.g. MS Access, SQL) and/or portal administration (e.g. SharePoint)Required Education and years of experience: Bachelor's Degree in Computer Science or a related technical field and a minimum of 5 years related technical experience. An additional 4 years of experience may be substituted in lieu of degreeClearance Level: Active Top Secret Security Clearance with SCI eligibility is required. In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation (EOD) for continued employmentPowered by JazzHRDv4XDsW8UK

Keywords: Catapult Consultants, Yakima , Cyber Network Security Analyst, Professions , Arlington, Washington