Senior Cyber Security Fusion Analyst
Leidos
- Odenton, MD
- Permanent
- Full-time
- Leverage an array of network monitoring and detection capabilities (including netflow, custom application protocol logging, signature-based IDS, and full packet capture (PCAP) data) to identify cyber adversary activity.
- Support the development of Cyber Fusion standard operating procedures (SOPs), and Cyber Fusion Framework and Methodology based on industry best practice and department of defense instruction, guidance, and policy.
- Identify threats to the enterprise and provide mitigation strategies to improve security, and reduce the attack surface.
- Perform analysis by leveraging serialized threat reporting, intelligence product sharing, OSINT, and open source vulnerability information to ensure prioritized plans are developed.
- Analyze and document malicious cyber actors TTPs, providing recommendations and alignment to vulnerabilities and applicability to the enterprise operational environment.
- Discover adversary campaigns, anomalies and inconsistencies in sensor and system logs, SIEMs, and other data.
- Identify, investigate and rule out system compromises, with the capacity to provide written analytic summaries and attack life cycle visualizations.
- Provide risk assessments and recommendations based on analysis of technologies, threats, intelligence, and vulnerabilities.
- Offer recommendations to adjust enterprise or tactical countermeasures to for threats impacting the DODIN.
- Collect analysis metrics and trending data, identify key trends, and provide situational awareness on these trends.
- Active DoD TS/SCI Clearance and eligible for polygraph
- Bachelor’s Degree in related discipline and 12 years of related experience. Additional experience may be accepted in lieu of degree
- Security+ Certification (or other equivalent DoD 8570 Level II certification)
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies.
- Proficiency with datasets, tools and protocols that support analysis (e.g. passive DNS, Virus Total, Recorded Future, TCP/IP, OSI, WHOIS, enumeration, threat indicators, malware analysis results, Wireshark, Splunk, Arcsight etc.).
- Experience with various open-source and commercial vendor portals, services and platforms that provide insight into how to identify and/or combat threats or vulnerabilities to the enterprise.
- Proficiency working with various types of network data (e.g. netflow, PCAP, custom application logs)
- Experience with the DISN and other DOD Networks.
- Skilled in building extended cyber security analytics (Trends, Dashboards, etc.).
- Demonstrated experience briefing Senior Executive Service (SES) and General Officer/Flag Officer (GO/FO) leadership.
- Experience in intelligence driven defense and/or cyber Kill Chain methodology.
- IAT Level III and IAM Level II+III Certifications