Vacancy expired!
ECS is seeking multiple
Cyber Security Analysts (all levels) to work in our Colorado Springs, CO office. Please Note: This position is contingent upon contract award.

Job Description: ECS, an award-winning, global security leader, is expanding our team of cyber experts. Entry-level to advanced positions are available. All positions include career development/progression, paid training and certs, industry-leading benefits, and the opportunity to provide critical mission defense to our country.

Level 1 Cyber Analyst: Minimum 1 year experience.
- Operating in a command-line environment
- Basic familiarity with multiple operating systems relevant to our customer environments (Windows, Mac, Linux) and the similarities and differences in network traffic generated in each
- Familiarity with basic security concepts and terminology such as the CIA triad, industry best practices, risk, vulnerability, threat, attack vectors, encryption, encoding, and various types of threat actors
- Knowledge of protocols at layers 2 and higher in the OSI model, to include ARP, TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use the well-known ports
- Experience processing IDS alerts and identifying incidents and events in customer data
- Ability to conduct packet level analysis using tcpdump or Wireshark on the session and surrounding traffic of an IDS alert
- Capability to perform basic IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning based on indicators in network traffic
- Basic technical writing skills for incident report writing, customer interaction, and process documentation
- Able to accurately transcribe and implement indicators into our environment
- Able to consume policy documentation and determine applicability in a network
- Intermediate command line experience that includes chaining Unix utilities such as sed, awk, and grep together
- Intermediate IDS (Snort, Suricata, Bro/Zeek, etc.) rule creation and tuning, to include performing impact analysis on customer environments and review and correction of Tier I rules
- Analysis of alert traffic plus surrounding traffic to provide context to inform analysis
- Ability to consume open and closed sources, search for their indicators in customer data, then generate new IDS configurations for future detection
- Basic hunt experience that includes sifting non-alert-based traffic and deriving meaningful results in the absence of corresponding OSINT
- Basic vulnerability awareness and able to determine applicability to customer environments, using data to establish attack attempts and success/failure
- Maintaining current threat awareness
- Ability to analyze complex (multi-packet, multi-vector, multi-exploit, large-volume) traffic and derive meaningful conclusions
- Self-directed research, development, customization, or other contributions to process improvement
- Continual enrichment of IDS and moderate ability to tune on the fly
- Ability to self-educate with non-comprehensive or incomplete documentation on new concepts, protocols, and data formats
- Expert at operating in a command-line environment, to include chaining utilities, complex commands, and integration of tcpdump to analyze novel protocols, IP protocols, and protocols outside the scope of IDS operation or detection
- Advanced Snort capabilities, to include identifying flaws in existing rules, customization and optimization, correction of third-party rules, and review and correction of Tier I and Tier II rules
- Basic scripting and development to fill capabilities gaps
- Generate and maintain technical documentation for retaining institutional knowledge
- Ability to critically read and update technical documentation with regular, periodic reviews to ensure currency
- Periodic and systematic review of indicators and rules to ensure the IDS is up to date and streamlined, with non-relevant indicators being cleared
- Ability to analyze new or novel system logs or network traffic and to make meaningful hypotheses about them, absent corresponding open-source information
- Able to explain complex technical topics in layman's terms to effectively communicate with nontechnical participants
- Operationalize projects such as new tools moved into production, new detection methods shared with the DoD community
- Daily consumption of domestic and international news from multiple sites, awareness of the differing biases / slants in presentation of the sites, able to conduct additional research for historical context into particular international situations in order to drive analysis
- Clearance: TS w/ SCI eligibility is required to start.
- Certifications: Completed DoD 8570 for IAT-I required to start.
- Familiarity and background with the following technologies/tools: Snort, Suricata, Bro/Zeek.
- Experience in one or more computing environments: Windows, Mac, Linux.
- Bachelor's degree preferred