Full Job Description
Maveris exists to help organizations reach their fullest potential by providing thought leadership in IT and cyber. We have an opening for a full-time, permanent Senior Cyber Defense Analyst to join our talented, dynamic team in support of a large Federal Government customer.
This position is based in Martinsburg, WV or Chicago, IL. Position may afford the opportunity of a part-time telework schedule.
Relocation assistance may be available.
NOTE: This work is currently being performed remotely, due to COVID-19. When this work will again be performed on-site has not yet been determined.
Provide proactive Advanced Persistent Threat (APT) and Focused Operator (FO) hunting, incident response support, and advanced analytic capabilities
Profile and track APT/FO actors that pose a threat in coordination with threat intelligence support teams
Review and analyze log files from various sources such as SIEM, packet captures, and host logs to report any unusual or suspect activities
Develop and execute custom scripts to identify host-based indicators of compromise
Provide targeted attack detection and analysis, including the development of custom signatures and log queries and analytics for the identification of targeted attacks
Determine scope of intrusion identifying the initial point of access or source
Recommend remediation activities to secure the source or initial point of access of intrusion
Communicate effectively to all customers and stakeholders
Provide executive level cyber security strategic recommendations along with security engineering recommendations and custom solutions to counter adversarial activity
Provide technical summary of findings in accordance with established reporting procedures
Provide identification of obfuscation techniques
Knowledge of and ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Knowledge of and ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
Knowledge of and ability to utilize cyber defense and vulnerability assessment tools
Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations
Knowledge of adversarial tactics, techniques, and procedures
Knowledge of the common attack vectors on the network layer
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
Skilled in using security event correlation tools
Knowledge of and ability to utilize malware analysis concepts and methodologies
Experience with common threat hunting solutions including Splunk, packet analysis (e.g., Wireshark), Netflow, QRadar or other SIEMs, etc.
An understanding of the MITRE ATT&CK Framework and Cyber Kill Chain methodologies
Experience with threat hunting advanced persistent threats
In depth understanding of NIST SP 800-61, US CERT, and Office of Management and Budget (OMB) standards
Scripting experience, such as Python, PowerShell, etc. is a plus
Strong time management skills with attention to detail
Strong critical thinking skills
Strong interpersonal and collaborative skills, with the ability to work in a team environment
Ability to communicate effectively to both technical and non-technical audiences
Skilled in developing and deploying signatures
Skilled in detecting host and network-based intrusions via intrusion detection technologies
Skilled in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
Skilled in collecting data from a variety of cyber defense resources
Skilled in recognizing and categorizing types of vulnerabilities and associated attacks
Skilled in reading and interpreting signatures (e.g., snort)
Skilled in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
Skilled in performing packet-level analysis
Able to develop content for cyber defense tools
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
Coordinate with enterprise-wide cyber defense staff to validate network alerts
Perform cyber defense trend analysis and reporting
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
Ability to determine tactics, techniques, and procedures (TTPs) for intrusion sets
Ability to conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
Ability to reconstruct a malicious attack or activity based off network traffic
Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
Analyze and report organizational security posture trends.
Analyze and report system security posture trends
Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
Relevant certifications and training preferred:
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensics Examiner (GCFE)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Network Forensic Analyst (GNFA)
GIAC Cyber Threat Intelligence (GCTI)
GIAC Reverse Engineering Malware (GREM)
Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:
401(k) with company match
Paid Time Off