SUMMARY: This position is responsible for identifying, analyzing, and mitigating threats to internal information technology (IT) systems and/or networks. Performs highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence. Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. Investigates information security events or crimes related to information technology (IT) systems, networks, and digital evidence.
REQUIREMENTS: Education: Minimum 2-year degree (or equivalent experience) in computer science, engineering, information systems, security, or another technical area.
Experience: Required skills/qualifications: Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles. Knowledge of (and a strong desire to learn) common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.). Rudimentary understanding of (and a strong desire to learn) common security technologies (IDS, Firewall, SIEM, etc.). Exceptional organizational abilities and attention to detail. The ability to think creatively to find elegant solutions to complex problems. Excellent verbal and written communication skills. The desire to work both independently and collaboratively with a larger team. A willingness to be challenged along with a strong appetite for learning.
Role Specific Responsibilities: Responsibilities and duties include but are not limited to the following: Reference NIST SP 800-181. Work Role(s): OM-DTA-002, PR-CDA-001, PR-CIR-001, AN-TWA-001, AN-EXP-001, AN-ASA-001, IN-INV-001, IN-FOR-002.
Travel: Some travel, both domestic and international, may be required. The amount of travel will be determined by individual project requirements.
Preferred Qualifications:
- 1-3 years of experience in Information Security, Security Operations, Incident Response, etc. (or a related field).
- Prior experience detecting, analyzing and/or responding to security incidents.
- Demonstrated ability to analyze and correlate information from a wide variety of enterprise technologies.
- Hands-on experience with common security technologies (IDS, Firewall, SIEM, etc.).
- Knowledge of common security analysis tools and techniques.
- Understanding of common security threats, attack vectors, vulnerabilities, and exploits.
- CompTIA Network+/Security+, GIAC (GCIA, GCIH, GSEC, GCFA, GCFE, etc.), CISSP, CEH, or related certification(s) desired.