Cyber Security Analyst - APT Discovery and Hunt

Perspecta - Herndon, VA

Full-time. Estimated: $98,000 - $130,000 a year
Every day at Perspecta, we enable hundreds of thousands of people to take on our nation’s most important work. We’re a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation’s most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselves—to respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers.

Perspecta works with U.S. government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many ways—not only through competitive salaries and benefits packages, but the opportunity to create a meaningful impact in jobs and on projects that matter.

Perspecta’s talented and robust workforce—14,000 strong—stands ready to welcome you to the team. Let’s make an impact together.

Perspecta is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories

Join Perspecta in support of a future contract to provide network security services for an Intelligence Community customer to protect against outside threats. As an APT Discovery and Hunt Cyber Security Analyst, you will perform research on Advanced Persistent Threats (APT) using open and classified sources. You will apply intelligence learned from their attacks and use that information to discover possible undiscovered incidents through the creation of new signatures and by providing search indicators to network operators.

Other responsibilities include:
- Using the totality of Information Technology tools and data available, along with detailed knowledge of the CIA's information systems and defenses, to proactively hunt for Advanced Persistent Threat activity which is not detectable using traditional methods and indicators.
- Perform Tier 3 analysis.
- Develop and utilize a "Case Management" process for incident and resolution tracking. The process should also be used for historic recording of all anomalous or suspicious activity. Processes currently in place use the JIRA tool.
- Work collaboratively with other Cyber Security Analysts and Cyber Forensics Engineers to perform incident response and analysis.
- Coordinate with appropriate organizations regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, and maintain the current list of coordination points of contact.
- Investigate virus/malware alerts/incidents to determine root cause, entry point of code, and damage risk, and report this information as deemed necessary by CIRT Management and the COTR.
- Track, on a daily basis, intelligence (from both open and classified sources) concerning cyber threats and assist in preparation of a daily report to senior management on the current status of a threat and our ability to counteract that threat.
- Generate, track, and report monthly statistics on virus activity on enterprise networks.
- Investigation and analysis of all data sources, to include Internet, Intelligence Community reporting, security events, firewall logs, forensic analysis, and other data sources to identify malware, misuse, unauthorized activity or other INFOSEC-related concerns.
Required
- A bachelor's degree in computer engineering, computer science, or another closely related IT discipline. If the candidate meets all of the qualifications, skills and experience for this labor category but lacks a bachelor's degree, then a minimum of eight (8) years of relevant work experience may be substituted for a bachelor's degree.
- Experience with host-based and network-based APT tools such as Carbon Black, Splunk, Mandiant MIR, or Tanium.
- Minimum of three years of progressively responsible experience in cyber security analysis, incident response, or related experience.
- DoD 8570 IAT Level I or higher certification.
- Strong analytical and problem-solving skills (i.e. the ability to problem solve, ask questions, and discover why things are happening).
- Top Secret/SCI w/Poly

Desired
- Experience with Hewlett-Packard's ArcSight SIEM.
- Experience with Splunk.
- Experience with industry-leading Endpoint Detection and Response tools such as, but not limited to, Carbon Black, EnCase Cybersecurity, or Tanium.
- Experience with Intrusion Prevention Systems such as McAfee Network Security Manager, Sourcefire SNORT, or Palo Alto WildFire.
- Experience with a Case Management tool such as JIRA or ServiceNow.