Posted by: Institute for Defense Analyses on Nov 14, 2017
Under general supervision, defends CCR-P's computers from external and internal attack, and prevents or detects data spillage.
Designs, implements, maintains and monitors controls and procedures to prevent external penetration of CCR-P computer systems; detects advanced persistent threats (APT) and assists in isolating and eliminating them; detects malfeasance by computer users and reports insider threats; and detects and reports data spillage. Designs, documents, writes, tests, and deploys programs that continuously monitor CCR-P computer systems for abnormal conditions. Designs, writes, maintains and runs content analysis programs to automatically detect data that may be inadequately protected. Monitors computer security logs, audit trails and intrusion detection flags on a daily basis to detect security anomalies. Reviews and/or sets configuration parameters on defensive computer security and SIEM appliances. In cooperation with system administration staff, runs automated and manual checks to verify that CCR-P system configurations match their specifications. Runs automated vulnerability detection tools and malware detection suites, and analyzes the results. Provides forensic and incident response support to CCR-P's Information Systems Security Officer, as required. Performs other duties as assigned.
U.S. Citizenship is required. Bachelor's Degree, or Associate Degree with five years' experience in the IA field. Mastery of the Linux command line interface and UNIX file system permissions. Working knowledge of the Windows Server operating system and its command line tools. Working knowledge of TCP/IP networking. Ability to read, design, and write new Bash scripts, Perl scripts, SNORT signatures, cron jobs, and SPLUNK filters to implement defensive techniques. Ability to use vulnerability analysis tools, such as Nessus and Metasploit, to detect vulnerabilities. Ability to set SIEM thresholds and use tools like SNORT, Netflow, and firewall and appliance logs to detect attacks. Ability to use packet capture, memory analysis, and other forensic tools to understand specific attacks. Ability to communicate clearly, both verbally and in writing. Ability to attain the DoD Directive 8570 Computer Network Defense Analyst (CND-A) qualification shortly after starting work. Ability to obtain and maintain necessary security clearances.