The Employee will provide support for the ongoing analysis of threats capable of impacting resources serviced by the NSOC CNDSP activity, based on review of programmatic, technical, and IA Certification and Accreditation documentation and daily review of open source / unclassified and classified threat warnings and bulletins. Performs cyber intelligence gathering and analysis of threats, including nation-state sponsored threats, for a large organization. Actively provides in-depth incident analysis. Evaluates security incidents and performs research. Monitors, analyzes and correlates network traffic utilizing the latest security tools and technology. Reviews threat data from various sources; coordinates with federal leadership, as well as government agencies, to provide reporting and situational awareness.
- Performs daily review of cyber threat warnings, bulletins, alerts, and incident reporting documentation and databases produced by the U.S. Government (USG), Department of Defense (DoD) and Intelligence Community (IC).
- Conducts research on emerging security threats; provides correlation and trending of cyber incident activity.
- Maintains knowledge of adversary activities, including intrusion set tactics, techniques and procedures (TTP).
- Maintains Situational Awareness and reports on advanced threats, including Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
- Communicates events to agencies regarding intrusions and compromises to network infrastructure, applications and operating systems; assists with implementation of counter-measures and mitigating controls.
- Analyzes relevant cyber security event data for attack indicators and breaches that may yield detection/prevention content.
- Prepares cyber threat assessments based on threat analysis, coordinates cyber threat tracking with other organizations and the government; assists in developing reports, briefings and assessments to facilitate the understanding of cyber threats.
- Provides expert-quality network traffic (PCAP) and NetFlow analysis.
- 5 years of experience performing cyber threat analysis.
- Experience with multiple programming languages.
- Experience in software reverse engineering or software development.
- In-depth knowledge of IDA Pro and debuggers.
- In-depth knowledge of dynamic/static malware analysis and memory analysis.
- In-depth knowledge of Windows Operating System internals (Kernel, Registry, File System, Windows APIs).
- Supports SOC analysis and incident response as needed.
- Creates and maintains Standard Operating Procedures and other documentation as needed.
- US DoD TS/SCI Security Clearance required.
Job Location: North Charleston, South Carolina, United States
Position Type: Full-Time/Regular